Abstract

For synchronous point-to-point $n$-node networks of undirected links, it has been previously shown that, to achieve consensus in the presence of up to $f$ Byzantine faults, the following two conditions are together necessary and sufficient: (i) $n \geq 3f+1$ and (ii) network connectivity greater than $2f$. The first condition, that is, $n \geq 3f+1$, is known to be necessary for directed graphs as well. On the other hand, the second condition on connectivity is not necessary for directed graphs. So far, a tight necessary and sufficient condition for Byzantine consensus in directed graphs has not been developed.

This paper presents a tight necessary and sufficient condition for achieving Byzantine consensus in synchronous networks that can be represented as directed graphs. We provide a constructive proof of sufficiency by presenting a new Byzantine consensus algorithm for directed graphs.

Further work is needed to improve the message overhead of Byzantine consensus in directed graphs.
1 Introduction

In a network of $n$ nodes with up to $f$ Byzantine faulty nodes, it is well-known that the following two conditions together are both necessary and sufficient for the existence of exact Byzantine consensus algorithms [5, 2] in networks of undirected links (i.e., undirected graphs).

• $n \geq 3f+1$, and

• The connectivity of the underlying communication graph is at least $2f+1$.

In this work, we consider algorithms for achieving exact Byzantine consensus in synchronous point-to-point networks that are modeled by arbitrary directed graphs, i.e., the communication between two neighboring nodes is not necessarily bi-directional. Consider a network of $n$ nodes, of which at most $f$ nodes may be Byzantine faulty. We assume that each node is given an initial input in $\{0, 1\}$. The Byzantine consensus algorithms of interest must satisfy the following three properties, where $x_i$ denotes node $i$'s input:

• Termination: every fault-free node $i$ eventually decides on an output value $y_i$.

• Agreement: the output values of all the fault-free nodes are equal, i.e., there exists $y$ such that, for every fault-free node $i$, $y_i = y$.

• Validity: for every fault-free node $i$, there exists a fault-free node $k$ such that the output value $y_i = x_k$.


2 System Model

Communication model: The system is assumed to be synchronous. The synchronous communication network consisting of $n$ nodes is modeled as a simple directed graph $G(V, \mathcal{E})$, where $V$ is the set of $n$ nodes, and $\mathcal{E}$ is the set of directed edges between the nodes in $V$. We assume that $n \geq 2$, since the consensus problem for $n = 1$ is trivial. Node $i$ can transmit messages to another node $j$ if and only if the directed edge $(i, j)$ is in $\mathcal{E}$. Each node can send messages to itself as well; however, for convenience, we exclude self-loops from set $\mathcal{E}$. That is, $(i, i) \notin \mathcal{E}$ for $i \in V$. With a slight abuse of terminology, we will use the terms edge and link, and similarly the terms node and vertex, interchangeably.

All the links (i.e., communication channels) are reliable, FIFO (first-in first-out) and deliver each transmitted message exactly once. When node $i$ wants to send message $M$ on link $(i, j)$ to node $j$, it puts the message $M$ in a send buffer for link $(i, j)$. No further operations are needed at node $i$; the mechanisms for implementing reliable, FIFO and exactly-once semantics are transparent to the nodes. When a message is delivered on link $(i, j)$, it becomes available to node $j$ in a receive buffer for link $(i, j)$. As stated earlier, the communication network is synchronous, and each message sent on link $(i, j)$ is delivered to node $j$ within a bounded interval of time.

Failure Model: We consider the Byzantine failure model, with up to $f$ nodes becoming faulty. A faulty node may misbehave arbitrarily. Possible misbehavior includes sending incorrect and mismatching (or inconsistent) messages to different neighbors. The faulty nodes may potentially collaborate with each other. Moreover, the faulty nodes are assumed to have a complete knowledge of the execution of the algorithm, including the states of all the nodes, contents of messages the other nodes send to each other, the algorithm specification, and the network topology.


3 Terminology

Upper case italic letters are used to name subsets of $V$, and lower case italic letters are used to name nodes in $V$.

Incoming neighbors:

• Node $i$ is said to be an incoming neighbor of node $j$ if $(i, j) \in \mathcal{E}$.

• For set $B \subseteq V$, node $i$ is said to be an incoming neighbor of set $B$ if $i \notin B$, and there exists $j \in B$ such that $(i, j) \in \mathcal{E}$.

• Set $B$ is said to have $k$ incoming neighbors in set $A$ if set $A$ contains $k$ distinct incoming neighbors of $B$.

Directed paths: All paths used in our discussion are directed paths.

• Paths from a node $i$ to another node $j$:

— An "$(i, j)$-path" is a directed path from node $i$ to node $j$.

— An "$(i, j)$-path excluding $A$" is a directed path from node $i$ to node $j$ that does not contain any node from set $A$.

— Two paths from node $i$ to node $j$ are said to be "disjoint" if the two paths only have nodes $i$ and $j$ in common, with all remaining nodes being distinct.

— The phrase "$d$ disjoint $(i, j)$-paths" refers to $d$ pairwise disjoint paths from node $i$ to node $j$.

— The phrase "$d$ disjoint $(i, j)$-paths excluding $A$" refers to $d$ pairwise disjoint $(i, j)$-paths that do not contain any nodes in set $A$.

• Every node $i$ trivially has a path to itself. That is, for all $i \in V$, an $(i, i)$-path exists excluding $V - \{i\}$.

• Paths from a set $S$ to node $j \notin S$:

— A path is said to be an "$(S, j)$-path" if it is an $(i, j)$-path for some $i \in S$.

— An "$(S, j)$-path excluding $A$" is an $(S, j)$-path that does not contain any node from set $A$.

— Two $(S, j)$-paths are said to be "disjoint" if the two paths only have node $j$ in common, with all remaining nodes being distinct (including the first nodes on the paths).

— The phrase "$d$ disjoint $(S, j)$-paths" refers to $d$ pairwise disjoint $(S, j)$-paths.

— The phrase "$d$ disjoint $(S, j)$-paths excluding $A$" refers to $d$ pairwise disjoint $(S, j)$-paths that do not contain any nodes from set $A$.

Note that two disjoint $(i, j)$-paths are not disjoint $(\{i\}, j)$-paths. $d$ disjoint $(A, j)$-paths can possibly exist for set $A$ only if $|A| \geq d$.

For a directed path from node $i$ to node $j$, node $i$ will be said to be the "source" node on the path. Thus, for given $d$ disjoint $(A, b)$-paths there are $d$ distinct source nodes, all of which belong to $A$.


4 Necessary Condition

For a correct Byzantine consensus algorithm to exist, the network graph $G(V, \mathcal{E})$ must satisfy the necessary condition proved in this section. We state the necessary condition in two different forms in this section, and show that the two forms are equivalent. Later in Theorem 4 we will state the necessary condition in a different form.

4.1 Necessary Condition: First Version

Relations $\Rightarrow$ and $\not\Rightarrow$ below are used frequently in our discussion.

Definition 1 For disjoint sets¹ of nodes $A$ and $B$, where $B$ is non-empty:

• $A \Rightarrow B$ iff set $A$ contains at least $f+1$ distinct incoming neighbors of $B$. That is, $|\{\, i \mid (i, j) \in \mathcal{E},\ i \in A,\ j \in B \,\}| > f$.

• $A \not\Rightarrow B$ iff $A \Rightarrow B$ is not true.

Note that when $A = \Phi$, and $B \neq \Phi$, we have

$A \not\Rightarrow B$

Theorem 1 Suppose that a correct Byzantine consensus algorithm exists for $G(V, \mathcal{E})$. For any partition² $L, R, C, F$ of $V$, such that both $L$ and $R$ are non-empty, and $|F| \leq f$, either $L \cup C \Rightarrow R$, or $R \cup C \Rightarrow L$.

Proof: The proof is presented in Appendix A. □

4.2 Necessary Condition: Second Version

Definition 2 Given a partition $A, B, F$ of $V$ such that $|F| \leq f$, set $A$ is said to propagate in $V - F$ to set $B$ if either (i) $B = \Phi$, or (ii) for each node $b \in B$, there exist at least $f+1$ disjoint $(A, b)$-paths excluding $F$.

We will denote the fact that set $A$ propagates in $V - F$ to set $B$ by the notation

$A \xrightarrow{V-F} B$

When it is not true that $A \xrightarrow{V-F} B$, we will denote that fact by

$A \not\xrightarrow{V-F} B$

¹ Sets $A$ and $B$ are said to be disjoint if $A \cap B = \Phi$. As per this definition, any set $A$ is disjoint with the empty set $\Phi$.

² Sets $X_1, X_2, X_3, \ldots, X_p$ are said to form a partition of set $X$ provided that (i) $\bigcup_{1 \leq i \leq p} X_i = X$, and (ii) $X_i \cap X_j = \Phi$ if $i \neq j$.

Lemma 1 Given a partition $A, B, F$ of $V$ such that $B$ is non-empty, and $|F| \leq f$, if $A \xrightarrow{V-F} B$, then the size of $A$ must be at least $f+1$.

Proof: By definition, there must be at least $f+1$ disjoint $(A, b)$-paths excluding $F$ for each $b \in B$. Each of these $f+1$ disjoint paths will have a distinct source node in $A$. Therefore, such $f+1$ disjoint paths can only exist if $A$ contains at least $f+1$ distinct nodes. □

We now state the second form of the necessary condition.

Theorem 2 Suppose that a correct Byzantine consensus algorithm exists for $G(V, \mathcal{E})$. Then for any partition $A, B, F$ of $V$, where $A$ and $B$ are both non-empty, and $|F| \leq f$, either $A \xrightarrow{V-F} B$ or $B \xrightarrow{V-F} A$.

Proof: Suppose that a correct Byzantine consensus algorithm exists for $G(V, \mathcal{E})$. Therefore, $G$ must satisfy the condition in Theorem 1. Theorem 2 is proved below using Lemmas 2 through 4. Lemmas 2 through 4 together prove that the condition in Theorem 1 implies the condition in Theorem 2. □

Lemma 2 Assume that the condition in Theorem 1 holds for $G(V, \mathcal{E})$. Then, for any partition $A, B, F$ of $V$, where $A$ is non-empty, and $|F| \leq f$, if $B \not\Rightarrow A$, then $A \xrightarrow{V-F} B$.

Proof: If $B = \Phi$, then by Definition 2, the lemma is trivially true. In the rest of this proof, assume that $B \neq \Phi$.

Add a new (virtual) node $v$ to graph $G$, such that, (i) $v$ has no incoming edges, (ii) $v$ has an outgoing edge to each node in $A$, and (iii) $v$ has no outgoing edges to any node that is not in $A$. Let $G_{+v}$ denote the graph resulting after the addition of $v$ to $G(V, \mathcal{E})$ as described above.

We want to prove that $A \xrightarrow{V-F} B$. Equivalently,³ we want to prove that, in graph $G_{+v}$, for each $b \in B$, there exist $f+1$ disjoint $(v, b)$-paths excluding $F$. We will prove this claim by contradiction.

Suppose that $A \not\xrightarrow{V-F} B$, and therefore, there exists a node $b \in B$ such that there are at most $f$ disjoint $(v, b)$-paths excluding $F$ in $G_{+v}$. There is no direct edge from $v$ to $b$. Then Menger's theorem [8] implies that there exists a set $F_1 \subseteq (A \cup B) - \{b\}$ with $|F_1| \leq f$, such that, in graph $G_{+v}$, there is no $(v, b)$-path excluding $F \cup F_1$. In other words, all $(v, b)$-paths excluding $F$ contain at least one node in $F_1$.

Let us define the following sets $L, R, C$:

• $L = A$. $L$ is non-empty, because $A$ is non-empty.

• $R = \{\, i \mid i \in B - F_1 \text{ and there exists an } (i, b)\text{-path excluding } F \cup F_1 \,\}$. Thus, $R \subseteq B - F_1 \subseteq B$. Note that $b \in R$. Thus, $R$ is non-empty.

• $C = B - R$. Thus, $C \subseteq B$. Since $R \subseteq B$, it follows that $R \cup C = B$.

Observe that $L, R, C$ are disjoint sets, and $L \cup R \cup C = A \cup B$. Since set $F_1 \subseteq A \cup B$, $L = A$, and $R \cap F_1 = \Phi$, we have $F_1 \subseteq L \cup C$, and $F_1 \cap B \subseteq C$. Thus, set $C$ can be partitioned into disjoint sets $B_1$ and $B_2$ such that

• $B_1 = C \cap F_1 = B \cap F_1 \subseteq C \subseteq B$, and

• $B_2 = C - B_1 \subseteq C \subseteq B$. Note that $B_2 \cap F_1 = \Phi$.

We make the following observations:

• For any $x \in A - F_1 = L - F_1$ and $y \in R$, $(x, y) \notin \mathcal{E}$.

Justification: Recall that virtual node $v$ has a directed edge to $x$. If edge $(x, y)$ were to exist then there would be a $(v, b)$-path via nodes $x$ and $y$ excluding $F \cup F_1$ (recall that $y$ has a path to $b$ excluding $F \cup F_1$). This contradicts the definition of set $F_1$.

• For any $p \in B_2$, and $q \in R$, $(p, q) \notin \mathcal{E}$.

Justification: If edge $(p, q)$ were to exist, then there would be a $(p, b)$-path via node $q$ excluding $F \cup F_1$, since $q$ has a $(q, b)$-path excluding $F \cup F_1$. Then node $p$ should have been in $R$ by the definition of $R$. This is a contradiction to the assumption that $p \in B_2$, since $B_2 \cap R \subseteq C \cap R = \Phi$.

Thus, all the incoming neighbors of set $R$ are contained in $F_1$ (note that $F_1 = (A \cap F_1) \cup B_1$). Recall that $F_1 \subseteq L \cup C$. Since $|F_1| \leq f$, it follows that

$L \cup C \not\Rightarrow R$   (1)

By assumption in the lemma, $B \not\Rightarrow A$. By definitions of $L, R, C$ above, we have $A = L$ and $B = C \cup R$. Thus,

$C \cup R \not\Rightarrow L$   (2)

(1) and (2) contradict the condition in Theorem 1. Thus, we have proved that $A \xrightarrow{V-F} B$. □

³ Justification: Suppose that $A \xrightarrow{V-F} B$. By the definition of $A \xrightarrow{V-F} B$, for each $b \in B$, there exist at least $f+1$ disjoint $(A, b)$-paths excluding $F$; these paths only share node $b$. Since $v$ has outgoing links to all the nodes in $A$, this implies that there exist $f+1$ disjoint $(v, b)$-paths excluding $F$ in $G_{+v}$; these paths only share nodes $v$ and $b$. Now, let us prove the converse. Suppose that there exist $f+1$ disjoint $(v, b)$-paths excluding $F$ in $G_{+v}$. Node $v$ has outgoing links only to the nodes in $A$; therefore, from the $(f+1)$ disjoint $(v, b)$-paths excluding $F$, if we delete node $v$ and its outgoing links, then the shortened paths are disjoint $(A, b)$-paths excluding $F$.


Lemma 3 Assume that the condition in Theorem 1 holds for $G(V, \mathcal{E})$. Consider a partition $A, B, F$ of $V$, where $A, B$ are both non-empty, and $|F| \leq f$. If $B \not\xrightarrow{V-F} A$ then there exist $A'$ and $B'$ such that

• $A'$ and $B'$ are both non-empty,

• $A'$ and $B'$ form a partition of $A \cup B$,

• $A' \subseteq A$ and $B \subseteq B'$, and

• $B' \not\Rightarrow A'$.

Proof: Suppose that $B \not\xrightarrow{V-F} A$.

Add a new (virtual) node $w$ to graph $G$, such that, (i) $w$ has no incoming edges, (ii) $w$ has an outgoing edge to each node in $B$, and (iii) $w$ has no outgoing edges to any node that is not in $B$. Let $G_{+w}$ denote the graph resulting after addition of $w$ to $G(V, \mathcal{E})$ as described above.

Since $B \not\xrightarrow{V-F} A$, for some node $a \in A$ there exist at most $f$ disjoint $(B, a)$-paths excluding $F$. Therefore,⁴ there exist at most $f$ disjoint $(w, a)$-paths excluding $F$ in $G_{+w}$. Then, by Menger's theorem [8], there must exist $F_1 \subseteq (A \cup B) - \{a\}$, $|F_1| \leq f$, such that, in graph $G_{+w}$, all $(w, a)$-paths excluding $F$ contain at least one node in $F_1$.

Define the following sets (also recall that $V - F = A \cup B$):

• $L = \{\, i \mid i \in V - F - F_1 \text{ and there exists an } (i, a)\text{-path excluding } F \cup F_1 \,\}$

• $R = \{\, j \mid j \in V - F - F_1 \text{ and there exists in } G_{+w} \text{ a } (w, j)\text{-path excluding } F \cup F_1 \,\}$

Set $R$ contains $B - F_1$ since all nodes in $B$ have edges from $w$.

• $C = V - F - L - R = (A \cup B) - L - R$. Observe that $F_1 \subseteq C$ (because nodes of $F_1$ are not in $L \cup R$). Also, by definition of $C$, sets $C$ and $L \cup R$ are disjoint.

Observe the following:

• Sets $L$ and $R$ are disjoint, and set $L \subseteq A - F_1 \subseteq A$.

Justification: $F_1 \cap L = F_1 \cap R = \Phi$. By definition of $F_1$, all $(w, a)$-paths excluding $F$ contain at least one node in $F_1$. If $L \cap R$ were to be non-empty, we can find a $(w, a)$-path excluding $F \cup F_1$, which is a contradiction.

Note that $V - F - F_1 = (A \cup B) - F_1$; therefore, $L \subseteq (A \cup B) - F_1$. $B - F_1 \subseteq R$, since all nodes in $B - F_1$ have links from $w$. Since $L$ and $R$ are disjoint, it follows that $(B - F_1) \cap L = \Phi$, and therefore, $(A - F_1) \cap L = L$; that is, $L \subseteq A - F_1 \subseteq A$.

• For any $x \in C - F_1$ and $y \in L$, $(x, y) \notin \mathcal{E}$.

Justification: If such a link were to exist, then $x$ should be in $L$, which is a contradiction (since $C, L$ are disjoint).

• There are no links from nodes in $R$ to nodes in $L$.

Justification: If such a link were to exist, it would contradict the definition of $F_1$, since we can now find a $(w, a)$-path excluding $F \cup F_1$.

Thus, all the incoming neighbors of set $L$ must be contained within $F_1$. Recall that $F_1 \subseteq C$ and $|F_1| \leq f$. Thus,

$R \cup C \not\Rightarrow L$   (3)

Now define $A' = L$, $B' = R \cup C$. Observe the following:

• $A'$ and $B'$ form a partition of $A \cup B$.

Justification: $L, R, C$ are disjoint sets, therefore $A' = L$ and $B' = R \cup C$ are disjoint. By the definition of sets $L, R, C$ it follows that $A' \cup B' = L \cup (R \cup C) = V - F = A \cup B$.

• $A'$ is non-empty and $A' \subseteq A$.

Justification: By definition of set $L$, set $L$ contains node $a$. Thus, $A' = L$ is non-empty. We have already argued that $L \subseteq A$.

• $B'$ is non-empty and $B \subseteq B'$.

Justification: Recall that $L, R, C$ are disjoint. Thus, by definition of $C$, $R \cup C = (A \cup B) - L$. Since $L \subseteq A$, it follows that $B \subseteq R \cup C = B'$. Also, since $B$ is non-empty, $B'$ is also non-empty.

• $B' \not\Rightarrow A'$.

Justification: Follows directly from (3), and the definition of $A', B'$.

This concludes the proof. □

⁴ See footnote 3.


Lemma 4 Theorem 1 implies Theorem 2.

Proof: Assume that the condition in Theorem 1 is satisfied by graph $G(V, \mathcal{E})$. Consider a partition $A, B, F$ of $V$ such that $A, B$ are non-empty and $|F| \leq f$. To prove Theorem 2, we must show that either $A \xrightarrow{V-F} B$ or $B \xrightarrow{V-F} A$.

Consider two possibilities:

• $B \xrightarrow{V-F} A$: In this case the proof is complete.

• $B \not\xrightarrow{V-F} A$: Then by Lemma 3 there exist non-empty sets $A', B'$ that form a partition of $A \cup B$ such that $A' \subseteq A$, $B \subseteq B'$, and $B' \not\Rightarrow A'$. Lemma 2 then implies that $A' \xrightarrow{V-F} B'$. Since $A' \subseteq A$ and $A \cup B = A' \cup B'$, it follows that $A \xrightarrow{V-F} B$.⁵

□

Lemma 5 proves that the condition in Theorem 2 implies the condition in Theorem 1.

Lemma 5 Theorem 2 implies Theorem 1.

Proof: We will prove that Theorem 2 implies Theorem 1 by proving that if the condition in Theorem 1 is violated, then the condition in Theorem 2 is violated as well.

Suppose that the condition in Theorem 1 is violated. Then there exists a partition $L, R, C, F$ of $V$ such that $L, R$ are both non-empty, $|F| \leq f$,

$L \cup C \not\Rightarrow R$

and

$R \cup C \not\Rightarrow L.$

Since $L \cup C \not\Rightarrow R$, for any node $r \in R$, there exists a set $F_r$, $|F_r| \leq f$, such that all the $(L \cup C, r)$-paths excluding $F$ contain at least one node in $F_r$. Since $L$ is a subset of $L \cup C$, Menger's theorem [8] implies that there are at most $f$ disjoint $(L, r)$-paths excluding $F$. Since $r \in R \cup C$,

$L \not\xrightarrow{V-F} R \cup C$

Similarly, since $R \cup C \not\Rightarrow L$, for any node $l \in L$, there exists a set $F_l$, $|F_l| \leq f$, such that all the $(R \cup C, l)$-paths excluding $F$ contain at least one node in $F_l$. Menger's theorem [8] then implies that there are at most $f$ disjoint $(R \cup C, l)$-paths excluding $F$. Thus,

$R \cup C \not\xrightarrow{V-F} L$

Define $A = L$, and $B = R \cup C$. Thus, $A, B, F$ is a partition of $V$ such that $|F| \leq f$ and $A, B$ are non-empty. The two conditions derived above imply that $A \not\xrightarrow{V-F} B$ and $B \not\xrightarrow{V-F} A$, violating the condition in Theorem 2. □

⁵ Explanation: Since $A' \xrightarrow{V-F} B'$, for each $b \in B'$, there exist $f+1$ disjoint $(A', b)$-paths excluding $F$. Since $B \subseteq B'$, it then follows that, for each $b \in B \subseteq B'$ there exist $f+1$ disjoint $(A', b)$-paths excluding $F$. Since $A' \subseteq A$, and $F \cap A = \Phi$, each $(A', b)$-path excluding $F$ is also an $(A, b)$-path excluding $F$. Thus, for each $b \in B$ there exist $f+1$ disjoint $(A, b)$-paths excluding $F$. This implies that $A \xrightarrow{V-F} B$.

Lemmas 4 and 5 imply that the conditions in Theorems 1 and 2 are equivalent.
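As an added illustration of the two forms of the necessary condition (this code is not from the paper): the Python below implements $A \Rightarrow B$ of Definition 1 by counting incoming neighbors, implements $A \xrightarrow{V-F} B$ of Definition 2 by computing the number of disjoint $(A, b)$-paths as a maximum flow in a node-split graph (Menger's theorem, as used in the proofs of Lemmas 2, 3 and 5), and checks Theorems 1 and 2 by enumerating every partition of a small constructed graph. The sample graphs K4, CYCLE4 and K4_MINUS and all function names are assumptions of this example; the brute-force enumeration is only practical for small $n$.

```python
from collections import deque
from itertools import product

# Constructed sample graphs (not from the paper), as sets of directed edges.
# K4: complete graph on 4 nodes; for f = 1 it meets n >= 3f+1 and has connectivity 2f+1.
# CYCLE4: directed cycle 0->1->2->3->0; each node has one incoming neighbour,
# fewer than the 2f+1 = 3 that Corollary 2 requires.  K4_MINUS drops the single
# link (0, 1), leaving node 1 with only 2 incoming neighbours.
K4 = {(i, j) for i in range(4) for j in range(4) if i != j}
CYCLE4 = {(0, 1), (1, 2), (2, 3), (3, 0)}
K4_MINUS = K4 - {(0, 1)}

def nodes_of(edges):
    return sorted({v for e in edges for v in e})

def implies(edges, A, B, f):
    """Definition 1: A => B iff A contains at least f + 1 distinct incoming
    neighbours of B, i.e. |{i | (i, j) in E, i in A, j in B}| > f."""
    return len({i for (i, j) in edges if i in A and j in B}) > f

def max_disjoint_paths(edges, S, b, excluded):
    """Largest d such that d pairwise disjoint (S, b)-paths excluding the nodes
    in `excluded` exist (paths share only b; their sources are distinct).
    By Menger's theorem this equals the maximum flow from a virtual source 'src'
    (unit links into S) to b, after splitting every node other than b into an
    in-copy and an out-copy joined by a unit link.  Edmonds-Karp on a dict."""
    alive = {v for e in edges for v in e} - set(excluded)
    cap = {}

    def link(u, v):
        cap.setdefault(u, {})[v] = 1
        cap.setdefault(v, {}).setdefault(u, 0)

    for v in alive:
        if v != b:
            link((v, 'in'), (v, 'out'))
    for s in S:
        if s in alive and s != b:
            link('src', (s, 'in'))
    for (u, v) in edges:
        if u in alive and v in alive and u != b:
            link((u, 'out'), 'sink' if v == b else (v, 'in'))
    flow = 0
    while True:
        parent, queue = {'src': None}, deque(['src'])
        while queue and 'sink' not in parent:      # BFS for an augmenting path
            u = queue.popleft()
            for v, c in cap.get(u, {}).items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if 'sink' not in parent:
            return flow
        v = 'sink'
        while parent[v] is not None:               # push one unit along the path
            u = parent[v]
            cap[u][v] -= 1
            cap[v][u] += 1
            v = u
        flow += 1

def propagates(edges, A, B, F, f):
    """Definition 2: A propagates in V - F to B iff B is empty or every
    b in B has at least f + 1 disjoint (A, b)-paths excluding F."""
    return all(max_disjoint_paths(edges, A, b, F) > f for b in B)

def parts(V, labels, k):
    """Split V into k sets according to a label tuple (label 0 is F)."""
    return [{v for v, t in zip(V, labels) if t == c} for c in range(k)]

def satisfies_theorem1(edges, f):
    """Theorem 1 over every partition L, R, C, F with L, R non-empty, |F| <= f."""
    V = nodes_of(edges)
    for labels in product(range(4), repeat=len(V)):
        F, L, R, C = parts(V, labels, 4)
        if len(F) > f or not L or not R:
            continue
        if not (implies(edges, L | C, R, f) or implies(edges, R | C, L, f)):
            return False
    return True

def satisfies_theorem2(edges, f):
    """Theorem 2 over every partition A, B, F with A, B non-empty, |F| <= f."""
    V = nodes_of(edges)
    for labels in product(range(3), repeat=len(V)):
        F, A, B = parts(V, labels, 3)
        if len(F) > f or not A or not B:
            continue
        if not (propagates(edges, A, B, F, f) or propagates(edges, B, A, F, f)):
            return False
    return True

def conditions_agree(edges, f):
    """Lemmas 4 and 5: both forms of the condition accept or reject together."""
    return satisfies_theorem1(edges, f) == satisfies_theorem2(edges, f)
```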

4.3 Corollaries

Corollary 1 Suppose that a correct Byzantine consensus algorithm exists for $G(V, \mathcal{E})$. Then the size of set $V$ (i.e., $n$) must be at least $3f+1$.

Proof: Since $n \geq 3f+1$ is a necessary condition for Byzantine consensus for undirected graphs [5], it follows that $n \geq 3f+1$ is also necessary for directed graphs. This necessary condition can also be derived from Theorem 1 as follows.

For $f = 0$, the corollary is trivially true. Now consider $f > 0$. The proof is by contradiction. Suppose that $n \leq 3f$. As stated previously, we assume $n \geq 2$, since consensus for $n = 1$ is trivial. Partition $V$ into three subsets $L, R, F$ such that $|F| \leq f$, $0 < |L| \leq f$, and $0 < |R| \leq f$. Such a partition can be found because $2 \leq |V| \leq 3f$. Define $C = \Phi$. Since $L, R$ are both non-empty, and contain at most $f$ nodes each, we have $L \cup C \not\Rightarrow R$ and $R \cup C \not\Rightarrow L$, violating Theorem 1. □

Corollary 2 For $f > 0$, suppose that a correct Byzantine consensus algorithm exists for $G(V, \mathcal{E})$. Then each node must have at least $2f+1$ incoming neighbors.

Proof: The proof is by contradiction. Suppose that for some node $i$, the number of incoming neighbors of $i$ is at most $2f$. Partition $V - \{i\}$ into two sets $L$ and $F$ such that $L$ is non-empty and contains at most $f$ incoming neighbors of $i$, and $|F| \leq f$. It should be easy to see that such $L, F$ can be found.

Define $C = \Phi$ and $R = \{i\}$. Then, since $f > 0$ and $|R| = 1$, it follows that

$R \cup C \not\Rightarrow L$

Also, since $L$ contains at most $f$ incoming neighbors of node $i$, and set $R$ contains only node $i$,

$L \cup C \not\Rightarrow R$

The above two conditions violate the condition in Theorem 1. □
Corollary 3 For $f > 0$, suppose that the graph $G(V, \mathcal{E})$ satisfies the condition in Theorem 1, and $|V| = n = 3f+1$. Then for any pair of nodes $i, j \in V$, either $(i, j) \in \mathcal{E}$, or there exist at least $2f+1$ disjoint $(i, j)$-paths in $G(V, \mathcal{E})$.

Proof: The proof is by contradiction. Suppose that there exist two nodes $i$ and $j$ such that $(i, j) \notin \mathcal{E}$ and there are at most $2f$ node-disjoint paths from $i$ to $j$ in $G$. Then according to Menger's theorem [8], there must exist a set of nodes $P \subseteq V - (\{i\} \cup \{j\})$ such that $|P| \leq 2f$, and all $(i, j)$-paths contain at least one node in $P$.

Define sets $X$, $Y$ and $Z$ as follows:

• $k \in X$ iff there exists an $(i, k)$-path excluding $P$. $i \in X$, thus $X$ is non-empty.

• $k \in Y$ iff there exists a $(k, j)$-path excluding $P$. $j \in Y$, thus $Y$ is non-empty.

• $Z = V - X - Y - P$.

Observe that $P$ is disjoint from $X, Y, Z$ by definition, and $Z$ is disjoint from $X, Y, P$ also by definition. Further, $X$ and $Y$ are disjoint. Suppose not; then there exists a node $x \in X \cap Y$. Then, by definition of $X$ and $Y$, there exists an $(i, j)$-path excluding $P$ via $x$, violating the definition of $P$. Thus, $X \cap Y = \Phi$. Hence, $X, Y, Z, P$ form a partition of $V$. Observe that there are no links from nodes in $X$ to nodes in $Y$,⁶ no links from nodes in $Z$ to nodes in $Y$,⁷ and no links from $X$ to nodes in $Z$.⁸

Consider the following cases:

• $|Y| \leq f$: In this case, define $F$ to be a subset of $V$ such that $|F| = f$, and if $|P| \geq f$ then $F \subseteq P$, else $P \subseteq F$. Define $R = Y$, $L = V - F - R$, and $C = \Phi$. By definition of $X, Y, P$ it follows that all the incoming neighbors of $R$ are either in $F \cap P$ or in $L \cap P$. By definition of $F$ and the constraint that $|P| \leq 2f$, it follows that $|L \cap P| \leq f$. Therefore, $L \cup C \not\Rightarrow R$. Also, because $|R| = |Y| \leq f$, we have $R \cup C \not\Rightarrow L$.

• $f < |Y| \leq 2f$ and $|P| \leq f$: Define $F$ such that $|F| = f$ and $F \subseteq Y$. Define $R = Y - F$, $L = V - F - R$, and $C = \Phi$. Observe that $|R| = |Y| - f \leq f$. Therefore, $R \cup C \not\Rightarrow L$. Also, $Y = R \cup F$. Thus, $L = X \cup Z \cup P$. There are no links from the nodes in $X \cup Z$ to the nodes in $Y$, and therefore, no links from the nodes in $X \cup Z$ to the nodes in $R$. Thus, the only incoming neighbors of $R$ that are also in $L$ are in $P$. Since $|P| \leq f$, the number of incoming neighbors of $R$ in $L$ is at most $f$. Also, $C = \Phi$. Therefore, $L \cup C \not\Rightarrow R$.

• $f < |Y| \leq 2f$ and $f < |P| \leq 2f$: Define $F$ such that $|F| = f$ and $F$ contains $|P| - f$ nodes in $P$ and $2f - |P|$ nodes in $Y$. Define $R = Y - F$, $L = V - F - R$, and $C = \Phi$. Observe that $|Y| = |V| - |P| - |X| - |Z|$, and thus, $|R| = |Y| - (2f - |P|) = 3f + 1 - |P| - |X| - |Z| - (2f - |P|) = f + 1 - |X| - |Z|$. Since $i \in X$, and $X$ is non-empty, $|R| \leq f$. Thus, $R \cup C \not\Rightarrow L$. Also, $L = X \cup Z \cup (P - F)$. There are no links from the nodes in $X \cup Z$ to the nodes in $Y$. Since $R \subseteq Y$, there are no links from the nodes in $X \cup Z$ to the nodes in $R$. Thus, the only incoming neighbors of $R$ that are also in $L$ are in $P - F$. Since $|P - F| = |P| - (|P| - f) = f$, it follows that $L \cup C \not\Rightarrow R$.

• $|Y| > 2f$ and $|P| \leq f$: Define $F$ such that $|F| = f$ and $F \subseteq Y$. Define $R$ such that $|R| = f$ and $R \subseteq (Y - F)$. This is possible, since $|Y| > 2f$. Then, define $L = V - F - R$, and $C = \Phi$. By definition, $|R| = f$. Therefore, $R \cup C \not\Rightarrow L$. Also, there are no links from the nodes in $X \cup Z$ to the nodes in $R$. Thus, the only incoming neighbors of $R$ that are also in $L$ are in $P \cup (Y - F - R)$. Note that $|P \cup Y| \leq 3f$, since $n = 3f+1$ and $X$ is non-empty. Hence, $|P \cup (Y - F - R)| = |P \cup Y| - |F \cup R| \leq 3f - 2f = f$. Hence, $L \cup C \not\Rightarrow R$.

• $|Y| > 2f$ and $|P| > f$: This case is not possible because $Y \cap P = \Phi$, and $n = 3f+1$.

In each case above, we have found a partition of the graph that violates the necessary condition stated in Theorem 1. Thus, Corollary 3 must be true.

□

⁶ Else there would be an $(i, j)$-path excluding $P$.

⁷ Else there would be a path from $Z$ to $j$, violating the definition of $Y$ and $Z$.

⁸ Else there would be a path from $i$ to $Z$, violating the definition of $X$ and $Z$.


5 Sufficiency Proof: Preliminaries

When $f = 0$, all the nodes are fault-free, and the proof of sufficiency is trivial. The necessary condition for $f = 0$ implies that there must exist at least one node, say node $i$, that has directed paths to all the remaining nodes in the network. Then consensus can be achieved simply by node $i$ routing its input to all the other nodes, and adopting node $i$'s input as the output for consensus.

In the rest of our discussion below, we will assume that $f > 0$. We will show that the necessary conditions in Theorems 1 and 2 are also sufficient by providing an algorithm that achieves exact consensus in any graph that satisfies those conditions. In the rest of the discussion, we assume that graph $G(V, \mathcal{E})$ satisfies the conditions in Theorems 1 and 2, even if this is not stated explicitly elsewhere below (recall that the two necessary conditions are equivalent). Also, by Corollaries 1 and 2, $n \geq 3f+1$, and the number of incoming neighbors of each node is at least $2f+1$.

In this section, we first introduce some definitions that are useful in the presentation of the algorithm.

Definition 3 Graph decomposition: Let $H$ be a subgraph of $G(V, \mathcal{E})$. Partition graph $H$ into non-empty strongly connected components, $H_1, H_2, \ldots, H_h$, where $h$ is a non-zero integer dependent on graph $H$, such that nodes $i, j \in H_k$ if and only if there exist $(i, j)$- and $(j, i)$-paths both excluding nodes outside $H_k$.

Construct a graph $H_d$ wherein each strongly connected component $H_k$ above is represented by vertex $c_k$, and there is an edge from vertex $c_k$ to vertex $c_l$ if and only if the nodes in $H_k$ have directed paths in $H$ to the nodes in $H_l$.

It is known that the decomposition graph $H_d$ is a directed acyclic graph [1].

Definition 4 Source component: Let $H$ be a directed graph, and let $H_d$ be its decomposition as per Definition 3. Strongly connected component $H_k$ of $H$ is said to be a source component if the corresponding vertex $c_k$ in $H_d$ is not reachable from any other vertex in $H_d$.

Definition 5 Reduced Graph: For a given graph $G(V, \mathcal{E})$, and sets $F \subseteq V$, $F_1 \subseteq V - F$, such that $|F| \leq f$ and $|F_1| \leq f$, reduced graph $G_{F,F_1}(V_{F,F_1}, \mathcal{E}_{F,F_1})$ is defined as follows: (i) $V_{F,F_1} = V - F$, and (ii) $\mathcal{E}_{F,F_1}$ is obtained by removing from $\mathcal{E}$ all the links incident on the nodes in $F$, and all the outgoing links from nodes in $F_1$. That is, $\mathcal{E}_{F,F_1} = \mathcal{E} - \{\, (i, j) \mid i \in F \text{ or } j \in F \,\} - \{\, (i, j) \mid i \in F_1 \,\}$.
Theorem 3 Suppose that graph $G(V, \mathcal{E})$ satisfies the condition in Theorem 1. For graph $G(V, \mathcal{E})$, every reduced graph obtained as per Definition 5 must contain exactly one source component.

Proof: Consider $F \subseteq V$, $F_1 \subseteq V - F$ such that $|F| \leq f$ and $|F_1| \leq f$, as specified in Definition 5. Since $F$ is a strict subset of $V$, the reduced graph $G_{F,F_1}$ contains at least one node; therefore, at least one source component must exist in $G_{F,F_1}$. We now prove that $G_{F,F_1}$ cannot contain more than one source component. The proof is by contradiction. Suppose that the reduced graph $G_{F,F_1}$ includes at least two source components.

Let the sets of nodes in two such source components of $G_{F,F_1}$ be denoted $L$ and $R$, respectively. Let $C = V - F - L - R$. Observe that $L, R, C, F$ form a partition of the nodes in $V$. Since $L$ is a source component in $G_{F,F_1}$ it follows that there are no directed links in $\mathcal{E}_{F,F_1}$ from any node in $C \cup R$ to the nodes in $L$. Similarly, since $R$ is a source component in $G_{F,F_1}$ it follows that there are no directed links in $\mathcal{E}_{F,F_1}$ from any node in $L \cup C$ to the nodes in $R$. These observations, together with the manner in which $\mathcal{E}_{F,F_1}$ is defined, imply that in $G(V, \mathcal{E})$: (i) set $L$ has at most $f$ distinct incoming neighbors in $C \cup R$, and (ii) set $R$ has at most $f$ distinct incoming neighbors in $L \cup C$.

Therefore, in graph $G(V, \mathcal{E})$, $C \cup R \not\Rightarrow L$ and $L \cup C \not\Rightarrow R$, contradicting the condition in Theorem 1. Thus, $G_{F,F_1}$ must contain exactly one source component. □

Corollary 4 Suppose that graph $G(V,\mathcal{E})$ satisfies the condition in Theorem 1. For any $F \subset V$ and $F_1 \subset V - F$, such that $|F| \le f$ and $|F_1| \le f$, let $S$ denote the set of nodes in the source component of $G_{F,F_1}$. Then,

$$ S \overset{V-F}{\Rightarrow} V - F - S $$

Proof: Since $G_{F,F_1}$ contains a non-zero number of nodes, its source component $S$ must be non-empty. If $V - F - S$ is empty, then the corollary follows trivially by Definition 2. Suppose that $V - F - S$ is non-empty. Since $S$ is a source component in $G_{F,F_1}$, it has no incoming neighbors in $G_{F,F_1}$; therefore, all of the incoming neighbors of $S$ in $V - F$ in graph $G(V,\mathcal{E})$ must belong to $F_1$. Since $|F_1| \le f$, we have,

$$ (V - S - F) \not\Rightarrow S $$

Lemma 2 then implies that

$$ S \overset{V-F}{\Rightarrow} V - F - S $$

□

Definition 6 For $F \subset V$, graph $G_{-F}$ is obtained by removing from $G(V,\mathcal{E})$ all the nodes in $F$, and all the links incident on nodes in $F$.

Lemma 6 For any $F \subset V$, $F_1 \subset V - F$, such that $|F| \le f$, $|F_1| \le f$:

• The source component of $G_{F,F_1}$ is strongly connected in $G_{-F}$.

• The source component of $G_{F,F_1}$ does not contain any nodes in $F_1$.

Proof: By Definition 3, each pair of nodes $i, j$ in the source component of graph $G_{F,F_1}$ has at least one $(i,j)$-path and at least one $(j,i)$-path consisting of nodes only in $G_{F,F_1}$, i.e., excluding nodes in $F$. Since every link of $G_{F,F_1}$ is also a link of $G_{-F}$, these paths exist in $G_{-F}$ as well.

Since $F_1 \subset V - F$, $G_{F,F_1}$ contains other nodes besides $F_1$. Although nodes of $F_1$ belong to graph $G_{F,F_1}$, the nodes in $F_1$ do not have any outgoing links in $G_{F,F_1}$. Thus, any node in $F_1$ cannot have paths to any other node in $G_{F,F_1}$. Then, due to the connectedness requirement of a source component, it follows that no nodes of $F_1$ can be in the source component.

□

Theorem 4 Suppose that a correct Byzantine consensus algorithm exists for $G(V,\mathcal{E})$. Then the following condition must hold:

For any $F \subset V$ and $F_1 \subset V - F$ such that $|F| \le f$ and $|F_1| \le f$, let $S$ be the source component in the reduced graph $G_{F,F_1}$ as per Definition 5. For any $F' \subset V - F$ with $|F'| \le f$, for every node $i \in V - F - F' - S$, there exists in $G(V,\mathcal{E})$ an $(S,i)$-path excluding $F \cup F'$. Note that $F'$ may or may not equal $F_1$.

Proof: We prove this theorem by showing that the condition in Theorem 1 implies the condition in Theorem 4. The proof is by contradiction. Suppose that the condition in Theorem 4 is not true. Then there exist $F \subset V$, $F_1 \subset V - F$, and $F' \subset V - F$, with $|F| \le f$, $|F_1| \le f$, $|F'| \le f$, and $S$ being the source component of $G_{F,F_1}$, such that in graph $G(V,\mathcal{E})$ there is no $(S,i)$-path excluding $F \cup F'$ for some node $i \in V - F - F' - S$. Now, let us define

• $L = S$.

$L$ is non-empty due to the definition of source component.

• $R = \{\, j \mid j \in V - F - F' \text{ and there exists a } (j,i)\text{-path excluding } F \cup F' \,\}$.

Node $i \in R$ by the definition of $(i,i)$-path, and thus, $R$ is also non-empty.

• $C = V - F - L - R$.

Observe that $F, L, R, C$ are disjoint and together form a partition of $V$ such that $|F| \le f$, and $L, R$ are non-empty.

Recall that by definition, the source component does not have any incoming neighbors in $G_{F,F_1}$ from $V - F - S = V - F - L = C \cup R$. Therefore, in $G(V,\mathcal{E})$, $C \cup R \not\Rightarrow L$.

Then, we make the following observations:

• $S \cap R = \phi$; otherwise, there is an $(S,i)$-path excluding $F \cup F'$, violating the assumption.

• For any $s \in S$ and $j \in R$, $(s,j) \notin \mathcal{E}$; otherwise, there is an $(S,i)$-path excluding $F \cup F'$, violating the assumption.

• For any pair of nodes $c \in C - F'$ and $r \in R$, $(c,r) \notin \mathcal{E}$; otherwise, there is a $(c,i)$-path excluding $F \cup F'$ via node $r$, violating the definition of $R$.

Therefore, all the incoming neighbors of set $R$ in $V - F$ are contained in $F'$. Since $|F'| \le f$, $L \cup C \not\Rightarrow R$.

Thus, the partition $L, R, C, F$ contradicts the condition in Theorem 1.

□


Now, we show that the condition in Theorem 4 is sufficient.

Lemma 7 Assume that graph $G(V,\mathcal{E})$ satisfies the condition in Theorem 4. Then it also satisfies the condition in Theorem 1.

Proof: The proof is by contradiction. Suppose that $G(V,\mathcal{E})$ does not satisfy the condition in Theorem 1. Then there exists a partition $L, R, C, F$ of $V$, where $L, R$ are non-empty and $|F| \le f$, such that $L \cup C \not\Rightarrow R$, and $R \cup C \not\Rightarrow L$. That is,

• There exists $F_R \subset L \cup C$ such that $|F_R| \le f$, and there is no $(L \cup C, i)$-path excluding $F \cup F_R$ for all $i \in R$, and

• There exists $F_L \subset R \cup C$ such that $|F_L| \le f$, and there is no $(R \cup C, j)$-path excluding $F \cup F_L$ for all $j \in L$.

Note that $F_R$ may or may not overlap with $F_L$.

Now, consider the reduced graph $G_{F,F_R}$. Since there is no $(L \cup C, i)$-path excluding $F \cup F_R$ for all $i \in R$, the corresponding source component $S$ is a subset of $R$. This observation and the definition of $F_L$ imply that there is no $(S,j)$-path excluding $F \cup F_L$ for any $j \in L$. This contradicts the condition in Theorem 4. □

The necessary conditions in Theorems 1, 2 and 4 are thus equivalent. In the next section, we will prove that these conditions are sufficient as well.


6 Algorithm BC

We now present a new algorithm, named Algorithm BC, and prove that it correctly achieves Byzantine consensus. As shown below in the pseudo-code of Algorithm BC, the algorithm consists of two loops, an OUTER loop and an INNER loop. The OUTER loop of the algorithm considers each subset $F$ of $V$ such that $|F| \le f$.$^9$ For each such $F$, the INNER loop examines each partition $A, B$ of $V - F$ such that $A, B$ are both non-empty. For each such partition $A, B$, a non-empty set $S$ is identified such that $S \subset V - F$, and

$$ S \overset{V-F}{\Rightarrow} V - F - S $$

The INNER loop uses sub-algorithms Propagate and Equality. These sub-algorithms make use of some state maintained by the nodes. We first discuss the node state, followed by the sub-algorithms.

6.1 Node State

Each node $i$ maintains two state variables that are explicitly used in our algorithm: $v_i$ and $t_i$. Each node will have to maintain other state as well (such as the routes to other nodes); however, we do not introduce additional notation for that.

$^9$ It also suffices to perform the OUTER loop for $|F| = f$.
• Variable $v_i$: Initially, $v_i$ at any node $i$ is equal to the input at node $i$. During the course of the algorithm, $v_i$ at a node $i$ may be updated several times. Value $v_i$ at the end of the algorithm represents node $i$'s decision (or output) for the Byzantine consensus problem. The output at each node is either 0 or 1.

At any time during the execution of the algorithm, the value $v_i$ at node $i$ is said to be valid if either of the following two conditions is true:

– $v_i = 0$, and at least one fault-free node has input equal to 0

– $v_i = 1$, and at least one fault-free node has input equal to 1

Initial value $v_i$ at a fault-free node $i$ is valid because it equals its own input. Algorithm BC ensures that $v_i$ at a fault-free node $i$ always remains valid throughout the execution of the algorithm.

• Variable $t_i$: Variable $t_i$ at any node $i$ may take a value in $\{0, 1, \bot\}$, where $\bot$ is distinguished from 0 and 1. The Propagate and Equality procedures take $t_i$ at participating nodes $i$ as input, and may also modify $t_i$. Under some circumstances, $v_i$ at node $i$ is set equal to $t_i$ in order to update $v_i$. We will discuss this in detail below.

6.2 Procedure Propagate($S$, $B$)

Propagate($S, B$) assumes that $S \subset V - F$, $B \subset V - F$, $S \cap B = \phi$ and $S \overset{V-F}{\Rightarrow} B$.

Propagate($S, B$)

(1) Since $S \overset{V-F}{\Rightarrow} B$, for each $i \in B$, there exist $f + 1$ disjoint $(S,i)$-paths that exclude $F$. The source of each of these paths is in $S$; on each path, the corresponding source node, say node $s$, sends$^{10}$ $t_s$ to node $i$ along the corresponding path. Intermediate nodes on these paths forward received messages as necessary.

When a node does not receive an expected message, the message content is assumed to be $\bot$.

(2) When any node $i \in B$ receives $f + 1$ values along the $f + 1$ disjoint paths above: if the $f + 1$ values are all equal to 0, then $t_i := 0$; else if the $f + 1$ values are all equal to 1, then $t_i := 1$; else $t_i := \bot$.

(Note that $:=$ denotes the assignment operator.)

For all $j \notin B$, $t_j$ is not modified during Propagate($S, B$). Also, for all $k \in V$, $v_k$ is not modified during Propagate($S, B$).

$^{10}$ All the nodes are aware of the "schedule" used for such transmissions, which is considered a part of the algorithm specification.
Algorithm BC

(OUTER LOOP)

For each $F \subset V$, where $|F| \le f$:

(INNER LOOP)

For each partition $A, B$ of $V - F$ such that $A, B$ are non-empty, and $A \overset{V-F}{\Rightarrow} B$:

STEP 1 of INNER loop:

• Case 1: $A \overset{V-F}{\Rightarrow} B$ and $B \overset{V-F}{\not\Rightarrow} A$:

Let non-empty set $S \subset A$ be a set such that $S \overset{V-F}{\Rightarrow} V - F - S$, and $S$ is strongly connected in $G_{-F}$.

(a) For all $i \in S$, $t_i := v_i$

(b) Equality($S$)

(c) Propagate($S$, $V - F - S$)

(d) At each $j \in V - F - S$: if $t_j \ne \bot$, then $v_j := t_j$

• Case 2: $A \overset{V-F}{\Rightarrow} B$ and $B \overset{V-F}{\Rightarrow} A$:

Let non-empty set $S \subset A \cup B$ be a set such that $S \overset{V-F}{\Rightarrow} V - F - S$, $S$ is strongly connected in $G_{-F}$, and $A \overset{V-F}{\Rightarrow} (S - A)$. Either $S \cap A$ or $S \cap B$ is non-empty. Without loss of generality, suppose that $S \cap A$ is non-empty.

(e) For all nodes $i \in A$: $t_i := v_i$

(f) Propagate($A$, $S - A$)

(g) Equality($S$)

(h) Propagate($S$, $V - F - S$)

(i) At each $j \in V - F - (A \cap S)$: if $t_j \ne \bot$, then $v_j := t_j$

STEP 2 of INNER loop:

(j) Each node $k \in F$ receives $v_j$ from each $j \in N_k$, where $N_k$ is a set consisting of $f + 1$ of $k$'s incoming neighbors in $V - F$. If all the received values are identical, then $v_k$ is set equal to this identical value; else $v_k$ is unchanged.

Figure 1: Algorithm BC (for $f > 0$): In the pseudo-code, $:=$ denotes the assignment operator.
6.3 Equality($A$)

Equality($A$) assumes that $A \subset V - F$, and that for each pair of nodes $i, j \in A$, an $(i,j)$-path excluding $F$ exists. That is, $A$ is strongly connected in $G_{-F}$ ($G_{-F}$ is defined in Definition 6).

Equality($A$)

(1) Each node $i \in A$ sends $t_i$ to all other nodes in $A$ along paths excluding $F$.

(2) Each node $j \in A$ thus receives messages from all nodes in $A$. Node $j$ checks whether the values received from all the nodes in $A$ and its own $t_j$ are all equal, and also belong to $\{0, 1\}$. If these conditions are not satisfied, then $t_j := \bot$; otherwise $t_j$ is not modified.

For any node $k \notin A$, $t_k$ is not modified in Equality($A$). For any node $k \in V$, $v_k$ is not modified in Equality($A$).


6.4 INNER Loop

For each $F$ chosen in the OUTER loop, the INNER loop of Algorithm BC examines each partition $A, B$ of $V - F$ such that $A, B$ are both non-empty. From Theorem 2, we know that either $A \overset{V-F}{\Rightarrow} B$ or $B \overset{V-F}{\Rightarrow} A$. Therefore, with renaming of the partitions we can ensure that $A \overset{V-F}{\Rightarrow} B$. Then, depending on the choice of $A, B, F$, two cases may occur:

• Case 1: $A \overset{V-F}{\Rightarrow} B$ and $B \overset{V-F}{\not\Rightarrow} A$

• Case 2: $A \overset{V-F}{\Rightarrow} B$ and $B \overset{V-F}{\Rightarrow} A$

Now we will show that a suitable set $S$ as required in each case in Algorithm BC exists:

• Case 1: $A \overset{V-F}{\Rightarrow} B$ and $B \overset{V-F}{\not\Rightarrow} A$: Since $B \overset{V-F}{\not\Rightarrow} A$, by Lemma 3, there exist non-empty sets $A', B'$ that form a partition of $A \cup B = V - F$ such that $A' \subseteq A$ and

$$ B' \not\Rightarrow A' $$

Let $F_1$ be the set of incoming neighbors of $A'$ in $B'$. Since $B' \not\Rightarrow A'$, $|F_1| \le f$. Then $A'$ has no incoming neighbors in $G_{F,F_1}$. Therefore, the source component of $G_{F,F_1}$ must be contained within $A'$. Let $S$ denote the set of nodes in this source component. Since $S$ is the source component, by Corollary 4,

$$ S \overset{V-F}{\Rightarrow} V - S - F. $$

Since $S \subset A'$ and $A' \subseteq A$, $S \subset A$. Then, $B \subseteq (A \cup B) - S = V - S - F$; therefore, $V - S - F$ is non-empty. Also, since $S \overset{V-F}{\Rightarrow} V - S - F$, set $S$ must be non-empty (by Lemma 1). By Lemma 6, $S$ is strongly connected in $G_{-F}$.

• Case 2: $A \overset{V-F}{\Rightarrow} B$ and $B \overset{V-F}{\Rightarrow} A$:

Since $|V| = n > 3f$, $|A \cup B| = |V - F| > 2f$. In this case, we pick a non-empty set $F_1 \subset A \cup B = V - F$ such that $|F_1| = f$, and find the source component of $G_{F,F_1}$. Let the set of nodes in the source component be denoted as $S$. Since $S$ is the source component, by Corollary 4,

$$ S \overset{V-F}{\Rightarrow} V - F - S $$

Also, since $A \overset{V-F}{\Rightarrow} B$, and $(S - A) \subseteq B$, we have $A \overset{V-F}{\Rightarrow} (S - A)$. Also, since $V - S - F$ contains $F_1$, $V - S - F$ is non-empty, and since $S \overset{V-F}{\Rightarrow} V - S - F$, set $S$ must be non-empty (by Lemma 1). By Lemma 6, $S$ is strongly connected in $G_{-F}$.

Now consider nodes in set $F$. As shown in Corollary 2, when $f > 0$, each node in $V$ has at least $2f + 1$ incoming neighbors. Since $|F| \le f$, for each $k \in F$ there must exist at least $f + 2$ incoming neighbors in $V - F$. This satisfies the requirement in step (j) of Algorithm BC.

6.5 Correctness of BC

In the discussion below, assume that $F^*$ is the set of faulty nodes in the network ($0 \le |F^*| \le f$ and $0 < f$).

When discussing a certain iteration of the INNER loop, we sometimes add superscript start and end to $v_i$ for node $i$ below to indicate whether we are referring to $v_i$ at the start of that iteration, or at the end of that iteration.

Lemma 8 states that the state $v_j$ of any fault-free node $j$ at the end of an iteration of the INNER loop equals the state of some fault-free node at the start of that iteration.

Lemma 8 For any given iteration of the INNER loop, for all fault-free $j \in V$, there exists a fault-free node $s$ such that $v_j^{end} = v_s^{start}$.

Proof: We will first consider fault-free nodes in $V - F$ in each of the two cases in the INNER loop, and then consider the fault-free nodes in $F$.

Define set $Z$ as the set of values of $v_i$ at all fault-free $i \in V$ at the start of the INNER loop iteration under consideration.

$$ Z = \{\, v_i^{start} \mid i \in V - F^* \,\} $$

• Case 1:

Observe that, in Case 1, $v_i$ remains unchanged for all fault-free $i \in S$; hence the claim of the lemma is trivially true for fault-free $i \in S$.

We will now prove the claim for fault-free $j \in V - F - S$.

– step (a): Consider a fault-free node $i \in S$. At the end of step (a), $t_i$ is equal to $v_i^{start}$; thus $t_i \in Z$.

– step (b): In step (b), Equality($S$) either keeps $t_i$ unchanged at fault-free node $i \in S$ or modifies it to be $\bot$. Thus, now $t_i \in Z \cup \{\bot\}$.

– step (c): Consider a fault-free node $j \in V - F - S$. During Propagate($S$, $V - F - S$), $j$ receives $f + 1$ values along $f + 1$ disjoint paths originating at nodes in $S$. Therefore, at least one of the $f + 1$ values is received along a path that contains only fault-free nodes; suppose that the value received by node $j$ along this fault-free path is equal to $\alpha$. As observed above in step (b), $t_i$ at all fault-free nodes $i \in S$ is in $Z \cup \{\bot\}$; therefore, $\alpha \in Z \cup \{\bot\}$. Therefore, at fault-free node $j \in V - F - S$, Propagate($S$, $V - F - S$) will result in $t_j \in \{\alpha, \bot\} \subseteq Z \cup \{\bot\}$.

– step (d): Then it follows that, in step (d), at fault-free $j \in V - F - S$, if $v_j$ is updated, then $v_j^{end} \in Z$. On the other hand, if $v_j$ is not updated, then $v_j^{end} = v_j^{start} \in Z$.

• Case 2:

Observe that, in Case 2, $v_j$ remains unchanged for all fault-free $j \in A \cap S$.

Now we prove the claim in the lemma for fault-free $j \in V - F - (A \cap S)$.

– step (e): For any fault-free node $i \in A$, at the end of step (e), $t_i \in Z$.

– step (f): Consider a fault-free node $m \in S - A$. During Propagate($A$, $S - A$), $m$ receives $f + 1$ values along $f + 1$ disjoint paths originating at nodes in $A$. Therefore, at least one of the $f + 1$ values is received along a path that contains only fault-free nodes; suppose that the value received by node $m$ along this fault-free path is equal to $\alpha \in Z$. Therefore, at node $m \in S - A$, Propagate($A$, $S - A$) will result in $t_m$ being set to a value in $\{\alpha, \bot\} \subseteq Z \cup \{\bot\}$.

Now, for $m \in S \cap A$, $t_m$ is not modified in step (f), and therefore, for $m \in S \cap A$, $t_m \in Z$ (see discussion of step (e) above).

Thus, we can conclude that, at the end of step (f), for all fault-free nodes $m \in S$, $t_m \in Z \cup \{\bot\}$.

– step (g): In step (g), at each $m \in S$, Equality($S$) either keeps $t_m$ unchanged, or modifies it to be $\bot$. Thus, at the end of step (g), for all fault-free $m \in S$, $t_m$ is in $Z \cup \{\bot\}$.

– step (h): Consider a fault-free node $j \in V - F - S$. During Propagate($S$, $V - F - S$), $j$ receives $f + 1$ values along $f + 1$ disjoint paths originating at nodes in $S$. Therefore, at least one of the $f + 1$ values is received along a path that contains only fault-free nodes; suppose that the value received by node $j$ along this fault-free path is equal to $\beta$. As observed above, after step (g), for each fault-free node $m \in S$, $t_m \in Z \cup \{\bot\}$. Therefore, $\beta \in Z \cup \{\bot\}$, and at node $j \in V - F - S$, Propagate($S$, $V - F - S$) will result in $t_j$ being set to a value in $\{\beta, \bot\} \subseteq Z \cup \{\bot\}$.

– step (i): From the discussion of steps (g) and (h) above, it follows that, in step (i), if $v_j$ is updated at a fault-free $j \in V - F - (S \cap A)$, then $v_j^{end} \in Z$; on the other hand, if $v_j$ is not modified, then $v_j^{end} = v_j^{start} \in Z$.

Now consider a fault-free node $k \in F$. As shown above, at the start of step (j), $v_j^{end} \in Z$ at all fault-free $j \in V - F$. Since at least one of the nodes in $N_k$ is fault-free, of the $f + 1$ values received by node $k$, at least one value must be in $Z$. Thus, if node $k$ changes $v_k$ in step (j), then the new value will also be in $Z$. On the other hand, if node $k$ does not change $v_k$, then it remains in $Z$ by the definition of $Z$.

□
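As an added example (not the paper's code), the following Python models the Equality and Propagate procedures of Sections 6.2 and 6.3 and runs steps (a) to (d) of Case 1 on a constructed 4-node clique with $f = 1$, with a scripted Byzantine node inside $S$; it illustrates the step (c) argument of Lemma 8 that a fault-free node $j$ always ends with $t_j \in \{\alpha, \bot\}$, so $v_j$ stays in $Z$. The node set, routes, inputs and the faulty node's messages are all constructed for this example.

```python
"""Added example (not the paper's code): one Case 1 iteration of the INNER
loop of Algorithm BC, steps (a)-(d), on a constructed 4-node clique with
f = 1.  Routes are hard-coded and the faulty node's messages are scripted."""
BOT = "bottom"   # stands for the distinguished value ⊥ (modelling choice)


def equality(S, t, lies):
    """Equality(S): node j keeps t_j only if its own t_j and every value it
    receives from the other nodes of S are equal and in {0, 1}; else ⊥.
    `lies[(sender, receiver)]` is what a faulty sender tells a receiver."""
    new_t = dict(t)
    for j in S:
        received = [lies.get((i, j), t[i]) for i in S if i != j]
        if t[j] not in (0, 1) or any(v != t[j] for v in received):
            new_t[j] = BOT
    return new_t


def propagate(S, routes, t, lies):
    """Propagate(S, B): node i in B gets t_s along f+1 disjoint (s, i)-paths
    and sets t_i to the common value only if all f+1 copies agree, else ⊥.
    A faulty node on a path may rewrite what it relays (`lies[(node, i)]`)."""
    new_t = dict(t)
    for i, paths in routes.items():
        received = []
        for path in paths:               # path = [s, ..., i] with s in S
            value = t[path[0]]
            for hop in path[:-1]:        # every node that forwards the message
                value = lies.get((hop, i), value)
            received.append(value)
        if all(v == 0 for v in received):
            new_t[i] = 0
        elif all(v == 1 for v in received):
            new_t[i] = 1
        else:
            new_t[i] = BOT
    return new_t


def case1_iteration(v, S, routes, lies):
    """Steps (a)-(d) of Case 1 for one choice of F, A, B; returns updated v.
    `routes[j]` lists the f+1 disjoint (S, j)-paths for each j in V - F - S."""
    t = {i: v[i] for i in S}                 # (a) t_i := v_i for all i in S
    t = equality(S, t, lies)                 # (b)
    t = propagate(S, routes, t, lies)        # (c) sets t_j for j in V - F - S
    new_v = dict(v)
    for j in routes:                         # (d) v_j := t_j unless t_j is ⊥
        if t[j] != BOT:
            new_v[j] = t[j]
    return new_v


# Constructed scenario: V = {0,1,2,3}, F = {} (an OUTER-loop choice that does
# not exclude the faulty node), A = {0,1,3}, B = {2}, S = A, node 3 Byzantine.
INPUTS = {0: 0, 1: 0, 2: 1, 3: 1}
S = [0, 1, 3]
ROUTES = {2: [[0, 2], [3, 2]]}            # f+1 = 2 node-disjoint (S, 2)-paths


def run_scenarios():
    """Three scripted behaviours of node 3; each returns the resulting v."""
    honest_in_equality = {(3, 0): 0, (3, 1): 0}
    return {
        # consistent in Equality, then corrupts its copy on the path to 2
        "lies_on_path": case1_iteration(INPUTS, S, ROUTES, {**honest_in_equality, (3, 2): 1}),
        # behaves correctly throughout
        "agrees": case1_iteration(INPUTS, S, ROUTES, {**honest_in_equality, (3, 2): 0}),
        # tells node 0 and node 1 different values inside Equality(S)
        "splits_S": case1_iteration(INPUTS, S, ROUTES, {(3, 0): 1, (3, 1): 0, (3, 2): 0}),
    }
```

In every scenario the fault-free nodes 0, 1 and 2 end with a value some fault-free node started with (0 or 1), and node 2 only changes its $v_2$ when both copies agree.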

Lemma 9 Algorithm BC satisfies the validity condition for Byzantine consensus.

Proof: Observe that for each fault-free $i \in V$, initially, $v_i$ is valid, because it is equal to the input at node $i$. Lemma 8 implies that after each iteration of the INNER loop of Algorithm BC, $v_i$ remains valid at each fault-free node $i$. Therefore, when Algorithm BC terminates, $v_i$ at each fault-free node $i$ will satisfy the validity condition for Byzantine consensus. □

Lemma 10 Algorithm BC satisfies the termination condition for Byzantine consensus.

Proof: Recall that we are assuming a synchronous system, and the graph $G(V,\mathcal{E})$ is finite. Thus, Algorithm BC performs a finite number of iterations of the OUTER loop, and a finite number of iterations of the INNER loop for each choice of $F$ in the OUTER loop, the number of iterations being a function of graph $G$. Hence, Algorithm BC will terminate after a bounded amount of time.

□

Lemma 11 Algorithm BC satisfies the agreement condition for Byzantine consensus.

Proof: Recall that $F^*$ denotes the set of faulty nodes in the network ($0 \le |F^*| \le f$).

Since the OUTER loop considers all possible $F \subset V$ such that $|F| \le f$, eventually, the OUTER loop will be performed with $F = F^*$.

In the INNER loop for $F = F^*$, different partitions $A, B$ of $V - F = V - F^*$ will be considered. We will say that such a partition $A, B$ is a "conformant" partition if $v_i = v_j$ for all $i, j \in A$, and $v_i = v_j$ for all $i, j \in B$. A partition $A, B$ that is not conformant is said to be "non-conformant". Further, we will say that an iteration is a "deciding" iteration if one of the following conditions is true.

• The partition considered in this iteration is conformant.

• The partition considered in this iteration is non-conformant; however, at the end of step (b) of Case 1, or at the end of step (g) of Case 2, every node in the corresponding source component $S$ has the same value $t$. That is, for all $i, j \in S$, $t_i = t_j$.

Note that in both conditions, all the nodes in the corresponding source component $S$ have the identical value $t$ in the deciding iteration. An iteration that is not deciding is said to be "non-deciding".

Claim 1 In the INNER loop for $F = F^*$, value $v_i$ for each fault-free node $i$ will stay unchanged in every non-deciding iteration.

Proof: Suppose that the iteration is non-deciding. Then we will show that the value $v_i$ stays unchanged for each fault-free node $i$. First, all the faulty nodes ($F^*$) are excluded, and thus, during Equality($S$) (step (b) of Case 1 or step (g) of Case 2), each node in $S$ can receive the value from other nodes in $S$ correctly. Then, every node in $S$ will set value $t$ to be $\bot$ at the end of Equality($S$), since by the definition of non-deciding iteration, there is a pair of nodes $j, k \in S$ such that $t_j \ne t_k$. Hence, every node in $V - F - S$ will receive $f + 1$ copies of $\bot$ after Propagate($S$, $V - F - S$) (step (c) of Case 1 and step (h) of Case 2), and will set value $t$ to $\bot$. Finally, at the end of the iteration, the value $v$ at each node stays unchanged, since (i) nodes in $S$ (in Case 1) or in $A \cap S$ (in Case 2) will not change value $v$ as specified by Algorithm BC and, (ii) $t_i = \bot$ for each node $i \in V - F - S$ (in Case 1) or for each node $i \in V - F - (A \cap S)$ (in Case 2). Note that by assumption, there is no fault-free node in $F$, and hence, we do not need to consider STEP 2. Therefore, the statement is proved. □


Let us divide the iterations of the INNER loop for $F = F^*$ into three phases:

• Phase 1: Iterations of the INNER loop before the first deciding iteration

• Phase 2: The first deciding iteration

• Phase 3: Remaining iterations of the INNER loop for $F = F^*$.

Claim 2 The INNER loop for $F = F^*$ will eventually enter Phase 2.

Proof: Recall that the values are in $\{0, 1\}$, and hence, there exists at least one conformant partition. By Claim 1, nodes in $V - F$ will not change values during non-deciding iterations. Then, since the INNER loop considers all partitions, the INNER loop will eventually consider either a conformant partition, or a non-conformant partition such that every node in the corresponding source component $S$ has the same value $t$. □

Now, let us consider each phase separately:

• Phase 1: By Claim 1, the $v_i$ value at each fault-free node $i \in V$ stays unchanged.

• Phase 2: Now, consider the first deciding iteration of the INNER loop.

Recall that all the nodes in $V - F = V - F^*$ are fault-free. Let $S$ be the corresponding source component in this iteration. We will show that in this iteration, every node in $S$ will have the same $t$ value. Consider two scenarios:

– The partition is non-conformant: Then by definition of deciding iteration, we can find an $\alpha \in \{0, 1\}$ such that $t_i = \alpha$ for all $i \in S$ after step (b) of Case 1, or after step (g) of Case 2.

– The partition is conformant: Let $v_i = \alpha$ for all $i \in A$ for $\alpha \in \{0, 1\}$. Such an $\alpha$ exists because the partition is conformant.

* Case 1: In this case, recall that $S \subset A$. Therefore, after steps (a) and (b) both, $t_j$ at all $j \in S$ will be identical, and equal to $\alpha$.

* Case 2: This is similar to Case 1. At the end of step (e), for all nodes $i \in A$, $t_i = \alpha$. After step (f), for all nodes $i \in S \cup A$, $t_i = \alpha$. Therefore, after step (g), for all nodes $i \in S$, $t_i$ will remain equal to $\alpha$.

Thus, in both scenarios, we found a source component $S$ and $\alpha$ such that for all $i \in S$, $t_i = \alpha$ after step (b) of Case 1 or after step (g) of Case 2.

Then, consider the remaining steps in the iteration.

– Case 1: During Propagate($S$, $V - F - S$), each node $k \in V - F - S$ will receive $f + 1$ copies of $\alpha$ along $f + 1$ disjoint paths, and set $t_k = \alpha$ in step (c). Therefore, each node $k \in V - F - S$ will update its $v_k$ to be $\alpha$ in step (d).

– Case 2: Similarly, after step (h), $t_j = \alpha$ for all $j \in (V - F - S) \cup S$. Thus, each node $k \in V - F - (A \cap S)$ will update $v_k$ to be $\alpha$. Recall that any node $k \in A \cap S$ does not modify its $v_k$, which is already equal to $\alpha$.

Thus, in both cases, at the end of STEP 1 of the INNER loop, for all $k \in V - F = V - F^*$, $v_k = \alpha$.

Since all nodes in $F^*$ are faulty, agreement has been reached at this point. By Lemma 8, the agreed value is valid as well. Thus, the goal now is to show that the agreement and validity conditions are not violated by actions taken in any future iterations of the INNER loop.

• Phase 3: At the start of Phase 3, for each fault-free node $k \in V - F^*$, we have $v_k = \alpha \in \{0, 1\}$. Then by Lemma 8, all future iterations of the INNER loop cannot assign any value other than $\alpha$ to any node $k \in V - F^*$.

After Phase 3 with $F = F^*$, Algorithm BC may perform iterations for other choices of set $F$. However, due to Lemma 8, the value at each $i \in V - F^*$ (i.e., all fault-free nodes) continues being equal to $\alpha$. □

Theorem 5 Algorithm BC satisfies validity, agreement, and termination properties for Byzantine consensus.

Proof: The theorem follows from Lemmas 9, 10 and 11. □


7  Generalized  Fault  Model 

In  this  section,  we  briefly  discuss  how  to  extend  the  above  results  to  exact  consensus  under  gen¬ 
eralized  fault  model.  The  generalized  fault  model  [6]  is  characterized  using  fault  domain  F  C  2V 
as  follows:  Nodes  in  set  F  may  fail  during  an  execution  of  the  algorithm  only  if  there  exists  set 
F*  £  F  such  that  F  C  F*.  Set  F  is  then  said  to  be  a  feasible  fault  set. 

Definition  7  Set  F  C  V  is  said  to  be  a  feasible  fault  set,  if  there  exists  F*  £  F  such  that  F  C  F* . 

Please  refer  to  our  previous  work  [6]  for  more  discussion  on  generalized  fault  model. 

For  a  set  of  nodes  B,  define  N~(B)  =  {?'  |  (i,j)  £  £,  i  fL  B,  j  £  B},  the  set  of  incoming 
neighbors  of  B. 

Definition  8  Given  F ,  for  disjoint  sets  of  nodes  A  and  B,  where  B  is  non-empty. 

•  ASB  iff  for  every  F*  €  F,  N~(B )  n  A  £  F* . 

.  A^ Biff  AAB  is  not  true. 

With  the  replacement  of  =$-  by  =§>,  Theorem  1  and  4  will  hold  for  the  generalized  fault  model. 

For  the  generalized  fault  model,  the  definition  of  propagation  from  A  to  B  should  be  modified 
as  follows: 
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Definition  9  For  any  partition  A,B,F  of  V  such  that  A,B  are  non-empty  and  F  is  a  feasible 

y _ jp 

fault  set,  A  B  if  for  any  feasible  fault  set  F'  C  V  —  F,  for  every  node  i  G  B  —  F' ,  there  exists 
in  G(V,£)  a  (A,  i)-path  excluding  F  U  F' . 

Then  the  correctness  of  Algorithm  BC  can  be  proved  with  the  following  changes  to  the  algorithm: 

•  Whenever  Algorithm  BC  uses  /  +  1  (S',  i)-paths  in  Propagate(S,  B),  the  new  algorithm  uses 
all  possible  (S,  z)-paths  excluding  F. 

•  Whenever  a  node  i  in  Algorithm  BC  compares  /  +  1  values  received  in  Propagate (S,  B),  in 
the  new  algorithm  node  i  uses  all  values  received  along  all  the  paths  excluding  F  to  decide 
how  to  update  value  t. 

Note that, by the condition in Theorem 4, it is easy to see that the set of paths used to propagate messages contains at least one fault-free path, i.e., a path on which every node is fault-free. Therefore, the new algorithm can be shown to achieve termination, agreement, and validity similarly.
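The following Python is added here as an illustration and is not part of the paper. It implements Definition 7 (feasible fault sets), Definition 8 ($A \Rightarrow_{\mathcal{F}} B$) and Definition 9 (propagation under the generalized model) on a constructed six-node graph, and runs the same checks with a threshold domain ($f = 1$, every single node is a maximal fault set) to show where the two models differ. The fault domain, the graph, and all names are assumptions: nodes 0 and 4 are taken to fail only together, nodes 1 and 5 only alone. With two node-disjoint entry links from $A$ into $B$ the graph satisfies the threshold version of propagation, but not the generalized one, because both entry nodes lie in one feasible fault set; adding a third entry link from node 1 repairs it. For a threshold domain, Definition 8 reduces to $|N^-(B) \cap A| \ge f+1$, which the code reproduces.

```python
"""Generalized fault model checks (Definitions 7, 8, 9) on a small directed graph."""
from itertools import combinations

# Constructed example: six nodes, directed links (i, j) meaning i -> j.
V = frozenset(range(6))
# B = {2, 3, 5} is strongly connected; A = {0, 1, 4} feeds it only through 0 -> 2 and 4 -> 3.
E = {(0, 2), (4, 3), (2, 3), (3, 2), (2, 5), (5, 2), (3, 5), (5, 3)}
E_WITH_1 = E | {(1, 5)}          # same graph with one extra entry link from node 1
A = frozenset({0, 1, 4})
B = frozenset({2, 3, 5})

# Assumed fault domain, given as its maximal fault sets F*: nodes 0 and 4 may fail
# together (e.g. they share a host), nodes 1 and 5 may each fail alone, nothing else fails.
DOMAIN = [frozenset({0, 4}), frozenset({1}), frozenset({5})]


def threshold_domain(nodes, f):
    """Fault domain of the usual threshold model: every f-subset is a maximal fault set."""
    return [frozenset(c) for c in combinations(sorted(nodes), f)]


def is_feasible(F, domain):
    """Definition 7: F is feasible iff it is contained in some F* of the domain."""
    F = frozenset(F)
    return any(F <= Fstar for Fstar in domain)


def in_neighbors(edges, B):
    """N^-(B): nodes outside B that have a link into B."""
    B = frozenset(B)
    return frozenset(i for (i, j) in edges if j in B and i not in B)


def relates(edges, A, B, domain):
    """Definition 8: A =>_F B iff no single F* contains all of B's in-neighbors that lie in A."""
    nb = in_neighbors(edges, B) & frozenset(A)
    return all(not nb <= Fstar for Fstar in domain)


def reachable(edges, sources, excluded):
    """Nodes reachable from `sources` along paths that avoid `excluded` entirely."""
    seen = set(s for s in sources if s not in excluded)
    frontier = list(seen)
    while frontier:
        u = frontier.pop()
        for (i, j) in edges:
            if i == u and j not in excluded and j not in seen:
                seen.add(j)
                frontier.append(j)
    return seen


def feasible_subsets(nodes, domain):
    """Every feasible F' inside `nodes`: all subsets of every F*, restricted to `nodes`."""
    out = set()
    for Fstar in domain:
        pool = sorted(Fstar & frozenset(nodes))
        for k in range(len(pool) + 1):
            for c in combinations(pool, k):
                out.add(frozenset(c))
    return out


def propagates(edges, V, A, B, F, domain):
    """Definition 9: A =>^{V-F} B iff for every feasible F' within V-F, every i in B-F'
    is reached from A by a path that avoids F and F'."""
    A, B, F = frozenset(A), frozenset(B), frozenset(F)
    assert is_feasible(F, domain), "F itself must be a feasible fault set"
    for Fp in feasible_subsets(V - F, domain):
        excluded = F | Fp
        if not (B - Fp) <= reachable(edges, A, excluded):
            return False
    return True
```

Because the check enumerates every feasible $F'$ it is exponential in the size of the largest fault set, which is fine for a small domain but not a way to verify a large network.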


8  Example  Networks 

In  this  section,  we  introduce  two  different  graphs,  and  use  the  results  in  the  previous  sections  to 
show  that  exact  Byzantine  consensus  can  be  reached  in  these  graphs. 

8.1  1-Core  Network 

Definition 10 A graph $G(V,\mathcal{E})$ consisting of $n > 3f$ nodes is said to be a 1-core network if the following two properties are satisfied:

• It includes a clique formed by the nodes in $K \subseteq V$, such that $|K| = 3f+1$, as a subgraph. That is, $\forall i, j \in K$, $i \ne j$, $(i,j) \in \mathcal{E}$.

• Each node $i \notin K$ has incoming links from arbitrary $2f+1$ nodes in $K$. That is, for each $v \in V - K$, there exists $K_v \subseteq K$ such that $|K_v| = 2f+1$, and $\forall u \in K_v$, $(u,v) \in \mathcal{E}$.

It is easy to show that a 1-core network satisfies the condition in Theorem 1.

There is a simple consensus algorithm for the 1-core network: first solve consensus in the $(3f+1)$-node clique using any existing Byzantine consensus algorithm for cliques; then all the nodes in the clique transmit their decision value on all their outgoing links to the nodes outside the clique; every node outside the clique decides on the majority of the $2f+1$ values received from the nodes in the clique.
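As an added example (not code from the paper), the Python below builds a 1-core network for $f = 1$, checks the condition of Theorem 1 by brute force over all partitions $L, R, C, F$, and simulates the second phase of the simple algorithm above with one faulty clique node. The condition is checked in the threshold reading used in the proof in Appendix A: $C \cup R \not\Rightarrow L$ means that $L$ has at most $f$ incoming neighbors in $R \cup C$, and the condition fails exactly when both $C \cup R \not\Rightarrow L$ and $L \cup C \not\Rightarrow R$ for some partition. The consensus inside the clique is not implemented; its decision value is taken as an input. Node numbering, the two sample networks and all function names are mine.

```python
"""1-core network (Definition 10): construct it, check the condition of Theorem 1 by brute
force, and run the dissemination phase of the simple consensus algorithm for this network."""
from collections import Counter
from itertools import product


def one_core_network(f, outside_in_neighbors):
    """Clique K = {0, ..., 3f}; `outside_in_neighbors` maps every node outside K to the
    clique nodes it has incoming links from (Definition 10 requires 2f+1 of them).
    Returns (nodes, edges), with a link (i, j) meaning i -> j."""
    K = list(range(3 * f + 1))
    edges = {(i, j) for i in K for j in K if i != j}
    for v, srcs in outside_in_neighbors.items():
        edges |= {(u, v) for u in srcs}
    return K + sorted(outside_in_neighbors), edges


def in_neighbors(edges, B):
    """N^-(B): nodes outside B that have a link into B."""
    return {i for (i, j) in edges if j in B and i not in B}


def implies(edges, A, B, f):
    """Threshold reading of A => B from Appendix A: B has more than f incoming neighbors in A."""
    return len(in_neighbors(edges, B) & A) > f


def theorem1_violation(nodes, edges, f):
    """Enumerate all partitions L, R, C, F of the nodes (L, R non-empty, |F| <= f) and return
    the first one with C ∪ R ≠> L and L ∪ C ≠> R, a witness that the condition of Theorem 1
    fails; None means the condition holds. Exponential in n, so for small graphs only."""
    for labels in product("LRCF", repeat=len(nodes)):
        part = {k: {v for v, lab in zip(nodes, labels) if lab == k} for k in "LRCF"}
        L, R, C, F = part["L"], part["R"], part["C"], part["F"]
        if not L or not R or len(F) > f:
            continue
        if not implies(edges, C | R, L, f) and not implies(edges, L | C, R, f):
            return L, R, C, F
    return None


def outside_decision(received, f):
    """An outside node decides on the majority of the 2f+1 values received from the clique.
    At most f senders are faulty, so the clique's decision value occurs at least f+1 times
    and is the unique value holding a majority."""
    assert len(received) == 2 * f + 1
    value, count = Counter(received).most_common(1)[0]
    return value if count >= f + 1 else None


def run_dissemination(f, outside_in_neighbors, clique_decision, faulty):
    """Second phase of the algorithm: fault-free clique nodes send `clique_decision` on their
    outgoing links, the nodes in `faulty` (at most f, inside the clique) send garbage, and every
    outside node decides by majority. The first phase (consensus inside the clique) is assumed
    to have completed with value `clique_decision`."""
    assert len(faulty) <= f
    decisions = {}
    for v, srcs in outside_in_neighbors.items():
        received = ["garbage" if u in faulty else clique_decision for u in sorted(srcs)]
        decisions[v] = outside_decision(received, f)
    return decisions
```

With `{4: {0, 1, 2}, 5: {1, 2, 3}}` the search over all $4^6$ labelings finds no violating partition; giving node 5 only two incoming links (fewer than $2f+1$) produces a witness, since the faulty node can then be the one remaining in-neighbor of $L = \{5\}$.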

8.2  2-Core  Network 

Definition 11 A graph $G(V,\mathcal{E})$ consisting of $n = 6f+2$ nodes, where $f$ is a positive even integer, is said to be a 2-core network if all the following properties are satisfied:

• It includes two disjoint cliques, each consisting of $3f+1$ nodes. Suppose that the nodes in the two cliques are specified by sets $K_1, K_2$, respectively, where $K_1 = \{u_1, u_2, \dots, u_{3f+1}\} \subseteq V$, and $K_2 = V - K_1 = \{w_1, w_2, \dots, w_{3f+1}\}$. Thus, $(u_i, u_j) \in \mathcal{E}$ and $(w_i, w_j) \in \mathcal{E}$, for $1 \le i, j \le 3f+1$, $i \ne j$.

• $(u_i, w_i) \in \mathcal{E}$, for $1 \le i \le \frac{3f}{2}$ and $i = 3f+1$.

• $(w_i, u_i) \in \mathcal{E}$, for $\frac{3f}{2} + 1 \le i \le 3f$ and $i = 3f+1$.

Figure 2 illustrates the 2-core network for $f = 2$. We will show that the 2-core network satisfies the condition in Theorem 2. We first prove the following lemma.


Lemma 12 Let $A, B, C, F$ be disjoint subsets of $V$ such that $|F| \le f$ and $A, B, C$ are non-empty. Suppose that $A \Rightarrow^{V-F} B$ and $A \cup B \Rightarrow^{V-F} C$. Then, $A \Rightarrow^{V-F} B \cup C$.

Proof: The proof is by contradiction. Suppose that

• $A \Rightarrow^{V-F} B$,

• $A \cup B \Rightarrow^{V-F} C$, and

• $A \not\Rightarrow^{V-F} B \cup C$.

The first condition above implies that $|A| \ge f+1$. By Definition 2 and Menger's Theorem [8], the third condition implies that there exists a node $v \in B \cup C$ and a set of nodes $P \subseteq V - F - \{v\}$ such that $|P| \le f$ and all $(A,v)$-paths excluding $F$ contain at least one node in $P$. In other words, there is no $(A,v)$-path excluding $F \cup P$. Observe that, because $A \Rightarrow^{V-F} B$, $v$ cannot be in $B$; therefore $v$ must belong to set $C$.

Let us define the sets $X$ and $Y$ as follows:

• Node $x \in X$ if and only if $x \in V - F - P$ and there exists an $(A,x)$-path excluding $F \cup P$. It is possible that $P \cap A \ne \emptyset$; thus, the $(A,x)$-path cannot contain any nodes in $P \cap A$.

• Node $y \in Y$ if and only if $y \in V - F - P$ and there exists a $(y,v)$-path excluding $F \cup P$.

By the definition of $X$ and $Y$, it follows that for any $x \in X$, $y \in Y$, there cannot be any $(x,y)$-path excluding $F \cup P$. Also, since $A \Rightarrow^{V-F} B$, for each $b \in B - P$, there must exist an $(A,b)$-path excluding $F \cup P$; thus, $B - P \subseteq X$, and $B \subseteq X \cup P$. Similarly, $A \subseteq X \cup P$, and therefore, $A \cup B \subseteq X \cup P$.

By definition of $X$, there are no $(X \cup P, v)$-paths excluding $F \cup P$. Therefore, because $A \cup B \subseteq X \cup P$, there are no $(A \cup B, v)$-paths excluding $F \cup P$. Therefore, since $v \in C$, $A \cup B \not\Rightarrow^{V-F} C$. This is a contradiction. □

Lemma 13 Suppose that $G(V,\mathcal{E})$ is a 2-core network. Then $G$ satisfies the condition in Theorem 2.
Figure 2: A 2-core network for $f = 2$. For simplicity, the edges in each core, $K_1$ and $K_2$, are not presented in this figure. Note that each core is a clique.
Proof: Consider a partition $A, B, F$ of $V$, where $A$ and $B$ are both non-empty, and $|F| \le f$. Recall from Definition 11 that $K_1, K_2$ also form a partition of $V$.

Define $A_1 = A \cap K_1$, $A_2 = A \cap K_2$, $B_1 = B \cap K_1$, $B_2 = B \cap K_2$, $F_1 = F \cap K_1$ and $F_2 = F \cap K_2$. Define $\mathcal{E}'$ to be the set of directed links from the nodes in $K_1$ to the nodes in $K_2$, or vice-versa. Thus, there are $\frac{3f}{2} + 1$ directed links in $\mathcal{E}'$ from the nodes in $K_1$ to the nodes in $K_2$, and the same number of links from the nodes in $K_2$ to the nodes in $K_1$. Each pair of links in $\mathcal{E}'$, with the exception of the link pair between $u_{3f+1}$ and $w_{3f+1}$, is node-disjoint. Every node of $V$ is therefore an endpoint of exactly one link in $\mathcal{E}'$, except $u_{3f+1}$ and $w_{3f+1}$, which are endpoints of the same two links; hence removing the at most $f$ nodes in $F$ removes at most $f+1$ of the $3f+2$ links in $\mathcal{E}'$, and at least $2f+1$ links survive. It follows that at least one of the two conditions below is true:

(a) There are at least $f+1$ directed links from the nodes in $K_1 - F$ to the nodes in $K_2 - F$.

(b) There are at least $f+1$ directed links from the nodes in $K_2 - F$ to the nodes in $K_1 - F$.

Without loss of generality, suppose that condition (a) is true. Therefore, since $|K_1 - F| \ge 2f+1$ and the nodes in $K_1 - F$ form a clique, it follows that $K_1 - F \Rightarrow^{V-F} K_2 - F$. Then, because $K_1 - F = A_1 \cup B_1$ and $K_2 - F = A_2 \cup B_2$, we have

$$A_1 \cup B_1 \Rightarrow^{V-F} A_2 \cup B_2. \qquad (4)$$

$|K_1 - F| \ge 2f+1$ also implies that either $|A_1| \ge f+1$ or $|B_1| \ge f+1$. Without loss of generality, suppose that $|A_1| \ge f+1$. Then, since the nodes in $A_1 \cup B_1$ form a clique, it follows that $A_1 \Rightarrow^{V - F_1 - K_2} B_1$ (recall that $V - F_1 - K_2 = A_1 \cup B_1$). Since $V - F_1 - K_2 \subseteq V - F$, we have

$$A_1 \Rightarrow^{V-F} B_1. \qquad (5)$$

(4) and (5), along with Lemma 12, imply that $A_1 \Rightarrow^{V-F} B_1 \cup A_2 \cup B_2$. Therefore, $A_1 \Rightarrow^{V-F} B_1 \cup B_2$, and $A_1 \cup A_2 \Rightarrow^{V-F} B_1 \cup B_2$. Since $A = A_1 \cup A_2$ and $B = B_1 \cup B_2$, $A \Rightarrow^{V-F} B$. □

Interestingly, the 2-core network satisfies the condition in Theorem 2 despite the fact that $2f+1$ links are not available in either direction between the nodes in $K_1$ and $K_2$: only $\frac{3f}{2} + 1$ links cross in each direction.
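The following Python is an added example, not code from the paper. It constructs the 2-core network of Definition 11 for an even $f$, counts the links of $\mathcal{E}'$ that survive a fault set $F$ (conditions (a) and (b) in the proof of Lemma 13), and decides $A \Rightarrow^{V-F} B$ in the threshold model by the Menger formulation used in the proof of Lemma 12: every $i \in B$ must have $f+1$ node-disjoint $(A,i)$-paths excluding $F$, computed here as a unit-capacity maximum flow on the node-split graph. The node names `('u', i)` for $u_i$ and `('w', i)` for $w_i$, the particular fault sets tried, and all function names are mine.

```python
"""2-core network (Definition 11) and the propagation relation A =>^{V-F} B,
decided via Menger's theorem: f+1 node-disjoint (A, i)-paths excluding F for every i in B."""
from collections import defaultdict, deque


def two_core_network(f):
    """Nodes are ('u', i) for u_i in K1 and ('w', i) for w_i in K2, i = 1..3f+1.
    Returns (V, E) with E a set of directed links (a, b) meaning a -> b."""
    assert f > 0 and f % 2 == 0, "Definition 11 needs a positive even f"
    n1 = 3 * f + 1
    K1 = [("u", i) for i in range(1, n1 + 1)]
    K2 = [("w", i) for i in range(1, n1 + 1)]
    E = {(a, b) for K in (K1, K2) for a in K for b in K if a != b}   # the two cliques
    half = 3 * f // 2
    for i in range(1, n1 + 1):
        if i <= half or i == n1:              # (u_i, w_i) for 1 <= i <= 3f/2 and i = 3f+1
            E.add((("u", i), ("w", i)))
        if half < i <= 3 * f or i == n1:      # (w_i, u_i) for 3f/2+1 <= i <= 3f and i = 3f+1
            E.add((("w", i), ("u", i)))
    return frozenset(K1 + K2), E


def cross_link_counts(E, F):
    """Links of E' whose endpoints avoid F: (#K1-F -> K2-F, #K2-F -> K1-F)."""
    live = [(a, b) for (a, b) in E if a not in F and b not in F and a[0] != b[0]]
    return (sum(1 for a, b in live if a[0] == "u"), sum(1 for a, b in live if a[0] == "w"))


def max_disjoint_paths(V, E, sources, target, excluded):
    """Maximum number of node-disjoint paths from distinct nodes of `sources` to `target`
    that avoid `excluded`: unit-capacity max-flow (Edmonds-Karp) on the node-split graph,
    where each allowed node v becomes (v,'in') -> (v,'out') with capacity 1."""
    S, T = "SOURCE", (target, "in")
    cap = defaultdict(lambda: defaultdict(int))
    for v in V - excluded:
        cap[(v, "in")][(v, "out")] += 1       # each node may carry at most one path
    for a, b in E:
        if a not in excluded and b not in excluded:
            cap[(a, "out")][(b, "in")] += 1
    for s in sources - excluded:
        cap[S][(s, "in")] += 1                # each source starts at most one path
    flow = 0
    while True:
        parent, queue = {S: None}, deque([S])
        while queue and T not in parent:      # BFS for a shortest augmenting path
            u = queue.popleft()
            for v, c in cap[u].items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if T not in parent:
            return flow
        v = T
        while v != S:                         # push one unit along the path found
            u = parent[v]
            cap[u][v] -= 1
            cap[v][u] += 1
            v = u
        flow += 1


def propagates(V, E, A, B, F, f):
    """A =>^{V-F} B in the threshold model: every i in B has at least f+1 node-disjoint
    (A, i)-paths excluding F (Menger's theorem, as used in the proof of Lemma 12)."""
    return all(max_disjoint_paths(V, E, A, i, F) >= f + 1 for i in B)
```

For $f = 2$ the network has $14$ nodes and $4 = \frac{3f}{2} + 1$ links in each direction. With $F = \{u_7, w_7\}$ (the only pair whose two nodes lie on both cross links) three links survive in each direction, and $K_1 - F \Rightarrow^{V-F} K_2 - F$ holds as in the proof of Lemma 13. With $F = \{u_1, u_2\}$ only two links survive from $K_1$ to $K_2$, so condition (a) fails and propagation from $K_1 - F$ to $K_2 - F$ fails with it, while condition (b) still holds and $K_2 - F \Rightarrow^{V-F} K_1 - F$. A single-node $A = \{u_1\}$ cannot propagate to anything (fewer than $f+1$ disjoint paths can start in it), but the rest of the graph propagates to it.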


9  Conclusion 

This  paper  presents  tight  necessary  and  sufficient  conditions  for  achieving  Byzantine  consensus  in 
synchronous  networks  that  can  be  represented  as  directed  graphs.  We  provide  a  constructive  proof 
of  sufficiency  by  presenting  a  new  Byzantine  consensus  algorithm  for  directed  graphs.  As  briefly 
stated  in  Section  7,  the  necessary  condition  in  Theorem  4  and  Algorithm  BC  can  also  be  applied 
with  the  generalized  fault  model  in  [6].  In  Section  8,  we  also  introduce  two  families  of  graphs  that 
satisfy  the  necessary  and  sufficient  condition  in  Theorem  2. 
Appendix

A  Proof  of  Theorem  1 


We first describe the intuition behind the proof, followed by a formal proof. Intuitively, if the graph does not satisfy the condition in Theorem 1, then the faulty nodes can force the fault-free nodes to disagree with each other, as follows. Suppose that there exists a partition $L, R, C, F$ of $V$ where $L, R$ are non-empty and $|F| \le f$ such that $C \cup R \not\Rightarrow L$ and $L \cup C \not\Rightarrow R$. Now, suppose that all the nodes in $L$ have input $m$, and all the nodes in $R \cup C$ have input $M$, where $m \ne M$.

Suppose that the nodes in $F$ are faulty. Then the faulty nodes can behave to nodes in $L$ as if nodes in $R \cup C \cup F$ have input $m$, while behaving to nodes in $R$ as if nodes in $L \cup C \cup F$ have input $M$. Since the graph does not satisfy the condition in Theorem 1, nodes in $L$ cannot distinguish between the following two scenarios, where $N_L$ denotes the set of incoming neighbors of $L$ in $C \cup R$:

• All the nodes in $N_L$ are faulty, the rest of the nodes are fault-free, and all the fault-free nodes have input $m$.

•  All  the  nodes  in  F  are  faulty,  rest  of  the  nodes  are  fault-free,  and  fault-free  nodes  have  input 
m  or  M . 

In  the  first  scenario,  for  validity,  the  output  at  nodes  in  L  must  be  m.  Therefore,  in  the  second 
scenario  as  well,  the  output  at  the  nodes  in  L  must  be  m. 

Similarly, nodes in $R$ cannot distinguish between the following two scenarios, where $N_R$ denotes the set of incoming neighbors of $R$ in $C \cup L$:

• All the nodes in $N_R$ are faulty, the rest of the nodes are fault-free, and all the fault-free nodes have input $M$.

•  All  the  nodes  in  F  are  faulty,  rest  of  the  nodes  are  fault-free,  and  fault-free  nodes  have  input 
m  or  M . 

In  the  first  scenario,  for  validity,  the  output  at  nodes  in  R  must  be  M.  Therefore,  in  the  second 
scenario  as  well,  the  output  at  the  nodes  in  R  must  be  M. 

Thus,  in  the  case  when  the  nodes  in  F  are  faulty,  nodes  in  L  and  R  can  be  forced  to  decide  on 
distinct  values,  violating  the  agreement  requirement. 

Now  we  present  a  formal  proof  of  Theorem  1. 


Proof: The proof is by contradiction. Suppose that a correct Byzantine consensus algorithm (say ALGO) exists, and there exists a partition $L, R, C, F$ such that $C \cup R \not\Rightarrow L$ and $L \cup C \not\Rightarrow R$. Thus, $L$ has at most $f$ incoming neighbors in $R \cup C$, and $R$ has at most $f$ incoming neighbors in $L \cup C$. We further assume that the nodes in $F$ (if $F$ is non-empty) are all faulty, and the remaining nodes (in $L, C, R$) are all fault-free.

Let us assume that the behavior of each node $i \in V$ when using ALGO can be modeled by a state machine. We construct an augmented network $\mathcal{N}$ with the following properties:¹¹

¹¹ We use italic letters for entities in $G(V,\mathcal{E})$, and non-italic letters for entities in $\mathcal{N}$.
• For each node $r \in R$, there are two copies in $\mathcal{N}$. The two copies are named r and r2. The two nodes r and r2 in $\mathcal{N}$ are copies of $r$ in the sense that the corresponding two nodes have the identical state machine as $r$.

• For each node $l \in L$, there are two copies in $\mathcal{N}$. The two copies are named l and l1.

• For each node $k \in F$, there are two copies in $\mathcal{N}$. The two copies are named k1 and k2.

• For each node $c \in C$, there are three copies in $\mathcal{N}$. The three copies are named c, c1 and c2.

The communication links in $\mathcal{N}$ are derived using the communication graph $G(V,\mathcal{E})$. In particular, if node $i$ has a link to node $j$ in $G$, then a copy of node $j$ in $\mathcal{N}$ will have a link from one copy of node $i$ in $\mathcal{N}$.

On the other hand, if link $(i,j) \in \mathcal{E}$, then one copy of node $i$ in $\mathcal{N}$ may have links to multiple copies of node $j$ in $\mathcal{N}$. This should be viewed as a "broadcast" operation that is being simulated unbeknownst to the state machines for the corresponding nodes in $\mathcal{N}$. The same technique of broadcast operation has also been used in [3, 4]. Exactly which copy of node $i$ has a link to a copy of node $j$ is represented with the edges shown in Figure 3, as described next.

• Vertices in Figure 3 represent sets of vertices in $\mathcal{N}$.

Vertex R represents a set containing node r in $\mathcal{N}$ corresponding to each node $r \in R$.

Vertex R2 represents a set containing node r2 in $\mathcal{N}$ corresponding to each node $r \in R$.
Vertex F1 represents a set containing node k1 in $\mathcal{N}$ corresponding to each node $k \in F$.
Vertex F2 represents a set containing node k2 in $\mathcal{N}$ corresponding to each node $k \in F$.
Vertices C, C1, C2, L, and L1 analogously represent copies of the appropriate nodes in $G$.

• The directed edge from vertex R to vertex F1 in Figure 3 indicates that, if for $r \in R$ and $k \in F$, link $(r,k) \in \mathcal{E}$, then link (r, k1) is in $\mathcal{N}$. Similarly, the directed edge from vertex F2 to vertex L in Figure 3 indicates that, if for $k \in F$ and $l \in L$, link $(k,l) \in \mathcal{E}$, then link (k2, l) is in $\mathcal{N}$. Other solid edges in Figure 3 represent other communication links in $\mathcal{N}$ similarly.

The dotted arrows are also communication links in $\mathcal{N}$, but we use dots to emphasize that the links are broadcast links in the sense discussed above. There are four such "broadcast edges" in the figure. The broadcast edge from L to R and R2 implies that if for $l \in L$ and $r \in R$, link $(l,r) \in \mathcal{E}$, then the messages from node l in $\mathcal{N}$ being sent to the state machine r are sent to both r and r2 in $\mathcal{N}$.

• Five of the edges do not terminate at any vertex in Figure 3 (one such edge at each of the vertices C1, L1, R2, C2, and C). This signifies that the corresponding transmissions are discarded. For instance, transmissions from L1 to R are discarded. More specifically, for $l \in L$ and $r \in R$, if there is a link $(l,r) \in \mathcal{E}$, then transmissions by node l1 (in $\mathcal{N}$) intended for state machine r are silently discarded, without the knowledge of node l1.

Each node in $G(V,\mathcal{E})$ has an input as discussed previously. An input is also available to each node in $\mathcal{N}$. In our discussion, we will assume that the fault-free nodes represented by any single vertex in Figure 3 all have the identical input. Specifically, the input at the nodes represented by vertex L is $m$, and the input is shown in a rectangle next to vertex L in Figure 3. Similarly, the input at the nodes represented by the other vertices is also shown in the figure.
Let us define:

$N_L$ = set of incoming neighbors of $L$ in $R \cup C$
$N_R$ = set of incoming neighbors of $R$ in $L \cup C$

By assumption, $|N_L| \le f$ and $|N_R| \le f$.

We now show how the behavior of a certain subset of vertices in $\mathcal{N}$ is identical to the behavior of the corresponding nodes in the original network $G$. In each case, we consider the partition $L, R, C, F$ of $V$.

• Case 1: Nodes in $N_R$ are faulty, and the other nodes in $V$ are fault-free: We can model the fault-free nodes by the corresponding nodes in L1, R, C1 and F1 in $\mathcal{N}$. An instance of the behavior of the faulty nodes in $N_R$ is modeled by the corresponding nodes in L, L1, C and C1. Since the fault-free nodes in $L, C, R, F$ must agree on value $M$ in $G$, the nodes represented by R in $\mathcal{N}$ will also terminate with output $M$.

• Case 2: Nodes in $N_L$ are faulty, and the other nodes in $V$ are fault-free: We can model the fault-free nodes by the corresponding nodes in L, R2, C2 and F2 in $\mathcal{N}$. An instance of the behavior of the faulty nodes in $N_L$ is modeled by the corresponding nodes in R, R2, C and C2. Since the fault-free nodes in $L, C, R, F$ must agree on value $m$ in $G$, the nodes represented by L in $\mathcal{N}$ will also terminate with output $m$.

• Case 3: Nodes in set $F$ are faulty, and the other nodes in $V$ are fault-free: We can model the fault-free nodes in $V - F = L \cup C \cup R$ by the corresponding nodes in L, C, R in $\mathcal{N}$. An instance of the behavior of the faulty nodes in $F$ is modeled by the behavior of F1 and F2. Since the fault-free nodes in $L, C, R$ must agree on a common value in $G$, the nodes represented by L and R will also terminate with agreement on an identical value. However, this contradicts Cases 1 and 2, which conclude that the nodes in R and L output $M$ and $m$, respectively.

The above contradiction proves that the condition in Theorem 1 is necessary. □
Figure 3: Augmented Network $\mathcal{N}$